Challenge
A Swedish municipality uses Microsoft Active Directory (AD) to manage accounts, so that employees can log on to their computers and receive the permissions required for the systems and services they need to access. To log on to the computer, the user enters a password, which is stored on the account in AD. Users commonly forget their current password after, for example, time off and holidays. The municipality wants users to be able to reset their password entirely by themselves, without involving a service desk, while maintaining a high level of security so that attackers cannot exploit vulnerabilities to steal the user's password. Password recovery must be easy to use and require minimal administration, while providing higher security and saving time and money.
Solution
With Fortified ID Password Reset, the municipality's employees can use the methods offered via the municipality's authentication service (Identity Provider, IdP) to reset the password in AD. The e-identifications and MFA methods offered are BankID, Freja eID and Foreign eID (European e-identification via eIDAS).
About the solution
With Fortified ID Integrity, e-identification or a mobile app can be used as a method, both for self-registration and logging into the organization's systems and digital resources.
The solution is very cost-effective:
- Issuance of the e-identification is handled outside the organization
- E-identification is something most users are already used to using privately
- Requires minimal administration in the organization
- Employees without e-identification can use one-time passwords via SMS/email, or software or hardware tokens such as YubiKey or Feitian
- Standardized integration
Other
The connection between the user's e-identification and the user's account in the organization is made through a lookup against AD. The solution matches the identifier on the user's e-ID against an attribute on the user's account in AD. The municipality can choose which attribute to use for this mapping. The solution follows the password requirements and complexity rules that the municipality has configured in Active Directory. The integration between Password Reset and the municipality's login service uses a standardized flow based on SAML2.
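The lookup described above, sketched as an added example (not Fortified ID's code): the identifier from the e-ID is escaped before it goes into the LDAP filter, and the reset is refused unless exactly one account matches. The attribute name employeeNumber, the sample accounts and the sample_search stand-in are assumptions, and the identifier is assumed to come from an already validated SAML2 assertion.

```python
import re

MAPPING_ATTRIBUTE = "employeeNumber"  # assumption: attribute the organization chose

# Constructed sample accounts standing in for the directory (not real data).
ACCOUNTS = [
    {"sAMAccountName": "anna.berg", "employeeNumber": "198001011234"},
    {"sAMAccountName": "erik.lund", "employeeNumber": "197512319876"},
    {"sAMAccountName": "erik.lund-adm", "employeeNumber": "197512319876"},
]

class MappingError(Exception):
    """The e-ID identifier does not map to exactly one account."""

def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_filter(attribute: str, identifier: str) -> str:
    """Build the lookup filter; the attribute name comes from configuration."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attribute):
        raise ValueError("invalid attribute name")
    return f"(&(objectClass=user)({attribute}={escape_filter_value(identifier)}))"

def sample_search(ldap_filter: str) -> list:
    """Hypothetical stand-in for an AD search: exact match on the filter value."""
    value = re.fullmatch(r"\(&\(objectClass=user\)\([\w-]+=(.*)\)\)", ldap_filter).group(1)
    return [a for a in ACCOUNTS if escape_filter_value(a[MAPPING_ATTRIBUTE]) == value]

def resolve_account(identifier: str, search=sample_search) -> dict:
    """Return the single account for the identifier, otherwise fail closed."""
    if not identifier:
        raise MappingError("empty identifier")
    matches = search(build_filter(MAPPING_ATTRIBUTE, identifier))
    if len(matches) != 1:
        # Zero or several accounts: refuse the reset rather than guess.
        raise MappingError(f"expected exactly one account, found {len(matches)}")
    return matches[0]

if __name__ == "__main__":
    print(resolve_account("198001011234")["sAMAccountName"])
```

The shared identifier on erik.lund and erik.lund-adm shows why the mapping attribute should be unique per account: an ambiguous match is rejected instead of resetting either password.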