SSPR is not enabled by default in MIM Service, so we need to enable some MPRs and configure some sets and workflows. The next section will outline what is needed to get this working.
The default MPRs around SSPR use a predefined set called Password Reset Users Set. If you look at the criterion for that set, you will find that it applies to all users:
Allowing SSPR for all users is usually broader than most organizations permit. In our situation, we will allow SSPR for all employees:
We have now defined the users for whom we would like to use the SSPR feature.
As we discussed earlier, we need to have at least one authentication workflow in our SSPR implementation. The default one is called Password Reset AuthN Workflow. The default activity used in this workflow to authenticate the users is the QA gate:
There are also some activities to support the SSPR feature; we will look at those now:
The Password Authentication Challenge...