Table of Contents
Enabling Entra ID’s Self-Service Password Reset
Before you can enable self-service password reset, you’ll need to create a group. After this, you have to choose which users you’ll authorize for a self-service password reset, then add these users to the group.
Creating a New Group
1. Login into Azure Active Directory Admin Center using an account with global admin permissions.
2. Click on the Groups tab, then click the New Group link.
3. Set the group type to Microsoft 365. Enter a name for the new group. For the purpose of this article, I’ll be calling the group SSPR (self-service password reset).
4. Click the No Members Selected link, then select the users who you’ll authorize for self-service password reset. Click Create to create the group
Turn on Self-Service Password Reset
1. Select the Password Reset tab from within the Azure Active Directory Admin Center dashboard.
2. Set the self-service Password Reset option to Selected then select the group that you created earlier.
Configure User Authentication Methods
During a password reset request, users need to use an alternative method to prove their identity. If they don’t, they can’t reset their password. As an administrator, you’ll need to choose how Entra ID will be able to prove a user’s identity.
1. Click on the Authentication Methods tab. Choose the number of authentication methods that a password reset will require.
2. Select the checkboxes corresponding to the authentication methods that you want to allow. Click Save to complete the process
The Password Reset Process
Before a user can perform a self-service password reset, they need to complete a registration process. The password reset site will ask the user for this info the first time they visit the site. For this to work, the user needs to complete the user registration.
User Registration
1. To register for a self-service password reset, a user will need to visit https://aka.ms/ssprsetup
2. Complete the account registration process. The steps vary widely based on the enabled authentication methods.
Resetting a Password
1. When a user needs to reset their password, they can visit https://aka.ms/sspr
2. Enter your username, complete the captcha, and click Next.
2. Choose your preferred authentication method then enter the verification information needed for the authentication method.
3. Enter the verification code.
4. Enter and retype your new password.
