This feature would make a component like Client Login Extension very powerful, as well as bring SSPR a little bit closer to Advanced Authentication.

CLE can be effectively used to reset passwords, activate accounts or enrol new users from a locked workstation when combined with SSPR. However, one key use case missing when Advanced Authentication is present is the ability to request an emergency password. The emergency password method is the preferred emergency access method when the user cannot satisfy MFA security. Having an operator assign the emergency password to the user defeats the purpose of SSPR and it's not efficient.

SSPR should offer the option to provide the user with an emergency password after having successfully passed a personal information challenge or, perhaps, after a manager authorises the request. Once the user gets the emergency password, the appropriate actor should be notified so they know the user is in a risky situation. The implementation of this feature could rely on a simple request/approve workflow, a challenge, or either. SSPR post-actions could also be leveraged for automation and notification.
