User Configurations

The below content will guide users through the enrollment and password reset process.

Enrolling with Specops uReset

When a Specops uReset Policy is enabled, and the Specops Client is installed, a link to the Specops Customer Portal is presented to the user from the system tray notification balloon tip. When the user follows the notification link to the enrollment page on the Specops uReset web application, the enrollment process is started.

The enrollment process will vary depending on the identity services configured for the user. To get started, the user must confirm their username and password, and select an identity service from the list. To complete your enrollment, you will need to collect enough stars to fill the star bar by selecting and providing the appropriate information for each identity service. Each identity service is marked with how many stars they are worth.

NOTE
  • A Manager Identification request is valid for 60 minutes.
  • The mobile verification code, generated from the Mobile Code (SMS) identity service, is valid for 5 minutes.

Users may also be pre-enrolled into the system (for more information about administrator enrollment, see Administrator enrollment)

Reset your password with Specops uReset

Follow the Reset Password link in the Windows Logon screen to authenticate yourself using the identity services you enrolled with. Select one identity service at a time and perform the corresponding authentication. You will be authenticated when the star bar is full. Once you have identified yourself, you will be taken directly to the New Password Page in the Specops uReset web application.

As you enter your password, you will automatically see if you are meeting the complexity requirements of the password. The complexity requirements will each contain one of the four colors:

  • Green indicates that the complexity requirement has been met
  • Red indicates that the complexity requirement has not been met
  • Grey indicates that the complexity is an optional requirement.
  • Yellow indicates that the complexity requirement is a server side requirement and can only be verified once the password has been submitted

Submit the password once you have fulfilled the complexity requirements.

To reset your password across any browser or with a mobile device or tablet, visit: https://www.ureset.com/uReset.Web/ and follow the on-screen instructions.

Mobile Applications

The following mobile applications can be used to authenticate your identity during a password reset.

Specops Password Reset App: Specops uReset contains a mobile application, available in Windows Store, Google Play, and App Store, that can be used as a secure alternative to reset passwords and unlock accounts. The mobile app is available to any organization that permit users to reset their password remotely.

Specops Authenticator App: The Specops Authenticator app is a high trust identity service, which turns the mobile device into a secure token device. The app generates a secret code that users must provide in addition to their username when authenticating their identity during a password reset. The codes generated are based on industry standard Time-Based One-Time Password Algorithm security tokens. As such Specops Authenticator can work interchangeably with both Google and Microsoft Authenticators.

To enroll with the Specops Authenticator, download the application on your device. You will need to register your account from the Specops uReset enrollment page by scanning the QR code with the Authenticator app. Once the QR code has been scanned, the Authenticator app will generate a temporary passcode. Enter the passcode on the uReset enrollment page, and click Verify. The Specops Authenticator contains its own user store which uses a GUID and a secret string to identify the user. When a user affected by a uReset Policy utilizing the Specops Authenticator enrolls in the service, the above identifiers are stored on the user object in Active Directory.

Fingerprint Authenticator: The Specops Fingerprint Authenticator app allows you to authenticate to the Specops uReset password reset service using either the Touch ID fingerprint recognition feature integrated into your iOS, or the Fingerprint API scan feature integrated into your Android 6.0 or newer operating system.

NOTE
The full requirements of the Fingerprint Authentication app on an Android device are:
  • Android 6.0, API level 23: Older devices will not see the Fingerprint app from Google Play.
  • Android API compatible Fingerprint: Most devices with Fingerprint hardware and Android 6 are compatible. Some exceptions are the Samsung Note 4 and the Samsung Galaxy S5. The aforementioned have a Samsung specific API that the Specops Fingerprint app does not support. Non-compatible devices can still install the Specops Fingerprint app, but a runtime error message will be displayed indicating the lack of hardware support.

To enroll with the Fingerprint Authenticator, download the application on your device. You will need register your account from the Specops uReset enrollment page, by scanning the QR code on the uReset enrollment web page, with the Fingerprint Authenticator app. You will be prompted to provide your fingerprint. Depending on the device being used, you will be asked to either place or swipe your finger on the sensor.

The Fingerprint identity service stores a GUID and a public key. The end user has the corresponding private key, which is used to sign the data created by the Fingerprint identity service. To authenticate the user, the Fingerprint identity service must verify, with the public key, that the signature on the data is done by the corresponding private key.