Hi everyone,
I need some guidance on implementing a “Forgot Password” feature for users with accounts across multiple Active Directory domains.
The Requirements:
- When a user clicks the Forgot Password link on the homepage, they should be directed to a form where they can select the domain for which they wish to reset their password.
- Once they select the domain and enter their username (or email), the password reset process should only apply to the selected domain.
Key Questions:
- Do I need to set up Pass-through Authentication (PTA) for all the domains?
  I understand that PTA could be useful for seamless authentication between on-prem AD and Azure AD, but is it required if we’re only performing password resets in multiple AD domains?
- Custom Workflow
  I’m considering implementing a custom workflow triggered by the “Forgot Password” link. The workflow would:
  - Allow the user to choose their domain.
  - Verify their identity (via security questions, OTP, etc.).
  - Trigger the password reset in the appropriate Active Directory domain.
I’d love to get feedback on this approach or hear suggestions for handling multi-domain AD password resets in a secure and efficient way.
Looking forward to hearing your thoughts and any tips you might have on how best to implement this!
I’ll keep you all posted on my progress.
Thanks in advance!
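The third step of the workflow described in the post (trigger the reset in the selected domain only), as an added PowerShell example that is not part of the original post. It assumes the RSAT ActiveDirectory module, a service account delegated "Reset password" rights in each domain, and that the user enters a sAMAccountName; the domain names and domain-controller hostnames are constructed placeholders. The point it shows is that the domain chosen on the form is checked against an allowlist before it is ever used as a `-Server` value, and that the reset is refused unless the identity-verification step has succeeded.

```powershell
# Added example, not from the original post. Assumes RSAT ActiveDirectory and a
# service account delegated password-reset rights in every listed domain.
Import-Module ActiveDirectory

# Allowlist of domains the form may offer. Only these can be targeted; the value
# is the DC (or domain FQDN) that -Server will bind to. Placeholder names.
$AllowedDomains = @{
    'corp.example.com' = 'dc01.corp.example.com'
    'emea.example.com' = 'dc01.emea.example.com'
}

function Reset-ScopedDomainPassword {
    param(
        [Parameter(Mandatory)][string]$Domain,           # value selected on the form
        [Parameter(Mandatory)][string]$SamAccountName,   # entered by the user
        [Parameter(Mandatory)][bool]$IdentityVerified,   # result of OTP / security-question step
        [Parameter(Mandatory)][securestring]$NewPassword,
        [pscredential]$ServiceCredential                 # delegated account for $Domain
    )

    # 1. The domain is user input: look it up in the allowlist, never pass it straight to -Server.
    if (-not $AllowedDomains.ContainsKey($Domain)) {
        throw "Domain '$Domain' is not an allowed reset target"
    }
    $dc = $AllowedDomains[$Domain]

    # 2. No reset until the verification step has actually succeeded.
    if (-not $IdentityVerified) {
        throw "Identity verification did not succeed for '$SamAccountName'"
    }

    # 3. Resolve the account against the selected domain only. -Identity (not -Filter)
    #    avoids building an LDAP filter from user-supplied text.
    $user = Get-ADUser -Identity $SamAccountName -Server $dc -ErrorAction Stop

    $common = @{ Identity = $user; Server = $dc; ErrorAction = 'Stop' }
    if ($ServiceCredential) { $common.Credential = $ServiceCredential }

    # 4. Reset on the same DC for every call so the change is not lost to replication lag,
    #    then force a change at next logon and clear any lockout from the failed attempts.
    Set-ADAccountPassword @common -Reset -NewPassword $NewPassword
    Set-ADUser @common -ChangePasswordAtLogon $true
    Unlock-ADAccount @common

    # 5. Return an audit record for the application log (who, which domain, which DC, when).
    [pscustomobject]@{
        Domain = $Domain; DomainController = $dc
        User = $user.DistinguishedName; ResetAt = (Get-Date).ToUniversalTime()
    }
}
```

The `$IdentityVerified` flag stands in for whatever the OTP or security-question step returns; in a real deployment the verification result should be tied to the same session and user that submitted the domain and username.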