How can we improve Azure Active Directory?

Add dynamic validation rules to Self Service Password Reset

When trying to reset your password via Azure SSPR with writeback to onprem AD, you currently don't get much detail as to why a password reset may have failed (not enough characters, not complex enough, etc). Our on-prem password reset tool can validate your new password as you type so that you can make sure the new password meets your company policies and it would be great if Azure SSPR could do this to. Even just more details on why a password reset fails would be of great help to end users.

18 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Nick Fields shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Thank you for your feedback! We will take this into consideration and welcome any specific ideas or feedback you have in the meantime. Would you like to see some sort of custom password strength meter? Or maybe just text that tells the user what the on-prem password policy is? Thank you in advance!

Sadie Henry (sahenry)

5 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Andrew St. Vincent commented  ·   ·  Flag as inappropriate

    This is something that we are definitely interested in having. The number one reported issue when users reset their passwords for our company is that they do not understand what they did wrong. The following are examples of things that we would like to see dynamic feedback for based on Active Directory password policies:

    1. Password length is valid
    2. Password contains an Uppercase/Lowercase letter
    3. Special contains a special character
    4. Password contains a number

    After the user submits the password, if it fails one of the following, a specific message would also be helpful:

    1. Password length is valid
    2. Password contains an Uppercase/Lowercase letter
    3. Special contains a special character
    4. Password contains a number
    5. Password passed history requirements

    Text that shows the AD-based password policies that define the elements shown above would also be helpful.

    I would be happy to provide more details/examples if it helps get a feature like this developed.

  • Boney Francis commented  ·   ·  Flag as inappropriate

    And while at it, not just a password complexity meter, but an entropy meter that scores the password dynamically as it's entered and provides suggestions to improve it.

  • Cha Yang commented  ·   ·  Flag as inappropriate

    I would like the user to see text (perhaps customizable) showing the on-prem policy so they don't have to guess.

  • Nick Fields commented  ·   ·  Flag as inappropriate

    Either one is good, just something to help people to either properly reset their password according to the on-prem AD rules or some feedback other than just saying the new password was invalid.

Feedback and Knowledge Base