How It Works

The following steps illustrate the processes of user enrollment and resetting a password using the PortalGuard self-service functionality. The screenshots provided show the process being completed from a web browser, but the user can also complete each process from either the Windows or Mac desktop, using the same steps and an identical interface.

When the user attempts to access the password reset functionality for the first time, he or she will be guided through a series of enrollment steps. Depending on the authentication methods configured by the admin for that particular user, multiple authentication types may need to be enrolled (e.g. challenge questions, mobile authenticator, hard-token two-factor,etc.).

In order to promote convenience, PortalGuard provides flexibility by allowing the configuration of enrollment for each authentication type to either be forced immediately, or able to be postponed “x” number of times. This increases the usability for users, simplifying a task that may otherwise be found to be obstructive.

Step 1:The user attempts to login the new PortalGuard-associated portal.

\

Step 2: If the user has not yet enrolled, PortalGuard automatically displays the enrollment screen. In this example, the user account has Challenge Questions configured to complete a successful password reset.

Step 3: The user is prompted to provide answers to a certain number of challenge questions. The number of both mandatory and optional questions that the user is required to answer is configurable. PortalGuard also increases security by helping the user stick to best practices for challenge answers, such as:

No repeat answers avoiding the use of words which are included in the question text. Noting that answers are case-sensitive throughout the enrollment process, the user is also provided with helpful warning notices - such as the number of answers remaining - in order to ease the frustrations that some may feel during this process.

Step 4: Once the user answers the required number of questions, the process is complete and the user is enrolled. Clicking the provided link will close the PortalGuard dialog and continue the original login process.

Step 1: The user attempts to login to the existing company portal, but has forgotten his or her password. The user then clicks the “Forgot your password?” link.

Step 2: From the “Recovery Actions Available” section, the user chooses which self-service action should be performed. To reset a password, the user chooses the “Reset Forgotten Password” radio button and click Continue”.

NOTE: The dialog showsthe most common actions, an account unlock and password reset, but password recovery is also available.

Step 3: The user is then prompted to choose a method to authenticate before being able to reset the password. For this example, the user is ask to provide the correct answers to the previously enrolled challenge questions. PortalGuard provides helpful warning messages throughout this process.

Once the user has supplied the required number of answers, the ‘Continue’ button will be available to click.

Step 4: The identity of the user is then verified, and the user is able to set a new password.

For added usability and security features such as the “Show Password”check box and virtual keyboard can be easily enabled or disabled.

NOTE: All the following settings are policy specific; different values can be set for each user, group, or hierarchy as necessary.

Configurable through the PortalGuard Configuration Utility

Main

  • Self-service options available to users
  • Authentication types available for each self-service action

Authentication Types

Challenge Questions and Answers

  • Enrollment - optional, required, disabled
  • Recovery lockout limit
  • Answer complexity including minimum length, case sensitivity, prevent answer repetition and prevent question words as answers
  • Number of optional questions
  • Number of mandatory questions

Mobile Phone

  • Enrollment - optional, required, disabled
  • Phone number format
  • Delivery format

E-Mail

  • Enrollment - optional, required, disabled
  • Domain blacklist
  • E-Mail display
  • E-Mail format including from, subject and body fields

Notifications

  • Type of self-service including account unlock, password reset and recovery.