Getting Back to Work Just Got Easier: Introducing Expired Password Resets with Duo Single Sign-On

This article has been indexed from The Duo Blog

One of our core tenets at Duo is to help organizations provide workforce users with a seamless authentication experience while reducing the administrative burden on IT and helpdesk teams. We continue to enhance our secure access capabilities while centering an easy, effective user experience. 

Active Directory is the most popular authentication source connected to Duo Single Sign-On (SSO), accounting for almost 80% of all Duo SSO setups. Today, we’re excited to announce a new feature that will make that setup even better: expired password resets!

Let’s take a step back and look at how applications, of all sorts, have handled authentication for as long as we can remember. Most commonly, these applications communicate directly with Active Directory over Lightweight Directory Access Protocol (LDAP). With that authentication flow in place, and with a handful of Microsoft prerequisites, many applications added the ability for users to reset their expired password through the site or client so that users could access their application without needing to take up crucial helpdesk time. 

Over time, customers are increasingly moving toward a federated authentication workflow where their applications no longer communicate directly to Active Directory and instead communicate to a third-party identity provider. This often means that all of the benefits of native in-line password reset is lost and that users are often blocked. With our new Expired Password Resets feature in Duo SSO, we want to provide the easiest experience for users and let them quickly reset their expired password, log into their application, and get on with their day.

In the 90 days leading up to this release, more than 60,000 users have been blocked due to expired passwords among customers running updated versions of our Duo Authentication Proxy. 

Expired password resets with Duo SSO allow users to reset their expired Active Directory passwords while authenticating through Duo SSO. After a user attempts to log into Duo SSO, they’ll be informed that their password has expired and may change their password after completing multi-factor authentication (MFA).

Once the user successfully completes MFA they’ll be prompted with a page similar to this, which will show them your Active Directory password re

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: Getting Back to Work Just Got Easier: Introducing Expired Password Resets with Duo Single Sign-On