Let's assume Amber Adams has forgotten her AD password, and therefore, she is unable to authenticate properly to MIM. So, the solution that SSPR provides is to validate (authorize) the user.
Using SSPR, Amber can make an anonymous request for MIM to reset the password of the user account AAdams
. In order for that to happen, we tell MIM to try to figure out who the requestor is. We add an authentication (AuthN) workflow, which gives Amber a chance to prove her identity. If the AuthN workflow proves to MIM that the requestor is indeed the user AAdams
, it will allow Amber to reset her password.
Two built-in ways to allow people to verify their identity are the Question and Answer (QA) gate and the One-Time Password (OTP) gate. If you have Azure, you can configure multi-factor authentication to use MIM's new Phone gate too.