Challenge
A Norwegian authority uses Microsoft Active Directory (AD) to manage accounts, so that the user (the user) can log in to their computers and grant permissions to the systems and services the user must have access to. To log in to their computer, the user needs to enter their password, which is stored on the account in AD. After holidays and vacations, it is common for the user to forget the current password.
The authority wants the user to be able to reset their password all by themselves, without the involvement of a service desk, and at the same time maintain a high level of security to avoid attackers exploiting vulnerabilities and being able to steal the user's password. Resetting (restoring) passwords must be easy to use and involve minimal work with administration, higher security and to save time and money.
Solution
With Fortified ID Password Reset, the agency's users can use the Norwegian e-identifications offered via the Norwegian ID portal to reset the password in AD. The e-identifications offered are BankID, MiniID, Buypass and Commfides.
The solution is very cost-effective:
Issuance of the e-identification is handled outside the organization
e-Legitimation is something most users are used to using privately
Requires minimal administration in the organization
Standardized integration
Other
The connection between the user's e-identification and the user's account in the organization takes place via a lookup against AD. The solution connects the identifier on the user's e-identification with an attribute on the user's account in AD. Authorities can choose which attribute to use for this mapping. The solution corresponds to the password requirements and its complexity configured by the authority in Active Directory. The integration between Password Reset and the Norwegian ID port takes place via a standardized flow based on OpenID Connect.