According to Upwork’s Future Workforce Report, fifty-five percent of the surveyed managers agree that remote work among full-time employees is more common now. These same managers say they expect up to thirty-eight percent of their full-time workers will work remotely by the end of the 2020s. Telecommuting is catching up quickly, and organizations are welcoming the increased productivity and optimum office space utilization that this change offers.
In most cases, employees drop by the office for onboarding, collect their credentials, and leave, seldom returning unless there’s a meeting or urgent work that requires their presence or expertise. Telecommuting is made easy because of thoughtfully designed directory services like Windows Active Directory (AD), the front-runner in managing user identities within an organization.
How Active Directory enables telecommuting
Telecommuters are authenticated into their systems thanks to cached credentials—an encrypted verifier of the user password stored on the client machine the first time a user logs in to the system. The password the telecommuter enters is processed with the same hash function which was used to create the password verifier and is compared with the cached credentials (username + verifier). If the verifier string and the hashed version of the entered password match, the telecommuter is authenticated into the system even when the domain controller is unavailable.
Once logged in using the cached credentials, remote employees can use a virtual private network (VPN) to access network resources. There’s just one hindrance to this seamless flow: passwords! If an employee forgets their password, they have to call the help desk; but for remote employees, being outside the office network renders help desk staff powerless.
If they’re unlucky enough to forget their AD password, a telecommuter has to come all the way to their respective work location and connect to the corporate network. Only then can they change their AD password and update the cached credentials on their local machine. Seems tedious, right? Well, not if you have ADSelfService Plus!
ADSelfService Plus is a secure end-user password reset management and single sign-on solution. ADSelfService can update users’ cached credentials through VPN, even when a client machine isn’t physically connected to the AD network.
To learn more about how this works, grab a copy of our guide, “The ultimate guide to extending password support to remote employees.” In this guide, our product expert explains how password caching works in AD, how remote workers are affected by AD, and how the problem of updating cached credentials for telecommuters can be resolved using ADSelfService Plus.