How to set Active Directory as default for Desktop Password Reset

Hello. We are setting up Desktop Password Reset. Is there a way to set Active Directory policy as the default? We have AD policy configured in the Active Directory source, but the password change window on the desktop shows our default policy instead. Additionally, password changes are not making their way to AD downstream. Any assistance would be appreciated.

Hi Jim,
Thank you for the post. Once you reset the password from the Desktop Password Reset application, are you able to log in to IdentityNow?

Make your default policy the same as what it is for Active Directory; this should do the trick.

Thanks

Hi Rakesh,

After changing the password, we can only log into IDN with the previous password, and the previous password still works for AD, indicating the change is not taking effect in IDN or AD.

I should clarify that we do have Enable Remote Identity Provider and Bypass Identity Provider configured in Service Provider, as we use our own MFA.

Can you enable Enforce Password Policy in the AD Configuration and test again?

It was already enabled prior to this.

[Screenshot: 07-14-23-ID-Profile-settings]
Could this be the issue? If so, the documentation (Configuring User Authentication for Password Resets - SailPoint Identity Services) indicates the “By authenticating with an external identity provider” option should be selected under Password Reset and User Unlock Methods, but as you can see in the screenshot this option is not showing.

So Jim, the Desktop Password utility does nothing but open the prompt that you see when you click on the Problem Signin page of IdentityNow. If you want to change the AD password, then you need to do the setting in the identity profile, and also go to the AD configuration, enforce the password policy, and do a quick test.

Hi Rakesh. Configuring the Identity Profile worked. Thank you.

Glad it worked, Jim. Can you please mark it as a solution so that it will be helpful for others?
