The password management capabilities within OpenIAM include:

  • Self-service Password Reset (SSPR)
  • Change password
  • Password synchronization

This functionality works across both cloud and on-premise applications and provide organizations:

  • Reduced password management costs
  • Improved security
  • Ability to enforce strong password policies

Self-service password reset

Self-service password reset allows end-users to reset their own passwords without having to call the helpdesk. Organizations have the flexibility to define how SSPR should be configured and they can use a combination of the options listed below to verify the identity of the user before making the change.

  • Challenge response questions
  • One-time link by e-mail
  • One-time token by SMS or e-mail

Once the user identity has been verified, end users can change their password which is validated against the password policy defined in OpenIAM. The new password can also be synchronized to any target system, such as Active Directory,, SAP, etc. which the user’s identity may have been provisioned too. SSPR with Credential Providers Self-service password reset is also available through the Windows and Mac Credential providers. Captcha Captcha can also be enabled in conjunction with the SSPR functionality to further deter unauthorized users from changing password.

Password Change reminders

Based on the password policy, OpenIAM can be configured send out reminders to users informing them of required upcoming password changes.

Password Synchronization

Along with the password policy definitions, password synchronization forms the foundation of the password management functionality. Password synchronization captures the changed password and then synchronizes it across all systems that a user has an identity in. End user efficiency is improved as a result of having to remember and manage only one password across most systems.

Reverse Password Synch from Active Directory

Organizations using Microsoft’s Active Directory, have the option to deploy the Active Directory Password Filter which allows end users to change their password on their Windows desktops. The filter will then capture the new password and securely sends it back to the OpenIAM core for synchronization across all connected systems that this user has an account in.

Helpdesk Identity Verification

While the SSPR tools are designed to avoid help desk calls, there are cases where a user may need additional assistance. These cases they will contact the help desk. To assist the help desk in verifying the identity of the caller, OpenIAM allows help desk users to capture answers to a separate set of challenge questions. Once the response has been validated, the help desk will be able to assist the caller.