Cloud-hosted password reset with Active Directory write-back – a great affordable alternative to Azure AD Premium
Forgotten passwords and password resets are a problem we see come up all the time. The two lowest tiers of Microsoft Azure AD offer a partial fix: they allow you to reset your passwords in the cloud, but the new passwords do not get written back down to your Active Directory. This isn’t a problem if you don’t have an Active Directory, but if you, like most organisations, do have AD, your users will end up with out-of-sync passwords. This is far from ideal.
Microsoft has a solution: Azure AD Premium. The problem is that they really aren’t joking when they say “premium”. AAD Premium is a fantastic package of security and enterprise mobility technology, but if your main immediate need is just to have your passwords reset and synced properly back to your Active Directory, then AAD Premium is overkill and very expensive.
Surp4ss!
So we created Surp4ss!. Surpass provides the same secure web-based password reset functionality as Azure AD and it’s accessible anywhere, so it’s great for on-site and remote workers alike. Plus, as with Azure AD Premium, it will write the password back to your Active Directory, ensuring it’s in sync with all your other systems such as Microsoft 365. Surpass is not a replacement for Azure AD; it’s an accompaniment to it. It’s an extension that allows you to keep using AAD for all your SSO and MFA requirements, while keeping your costs down on your password resets and write-back.
Surp4ss! enables your users to securely reset their organizational passwords from a fully brandable webpage, and then securely writes the password down to your Active Directory. As an administrator, you can set how your users reset their password, as well as password policies on complexity, rules and exclusions. Where you want a user to be able to reset their password via SMS or an alternative email address, you can either have the user submit the required information themselves (e.g. mobile phone number) or pull the attribute(s) from your Active Directory.
Surp4ss! Features
- A secure AD sync agent that you implement on a domain controller
- A customizable password reset screen which allows you to add your own custom background, text, logo and colours
- Custom URL which you can CNAME to make fully custom, e.g. reset.yourdomain.com
- Self-service password reset and known password reset
- Reset options via SMS, security questions, alternative email
- Password policy and complexity options
- Conditional lock-out options
- Instant Active Directory password write-back
- Support for both Microsoft 365 and G Suite (and many other systems based on an AD password)
