In today’s increasingly remote work environment, IT administrators face the challenge of ensuring end users can securely and seamlessly access company resources from anywhere. A critical aspect of this is managing passwords, particularly when users are away from the domain network. These remote users greatly benefit from cached credentials, or the domain username and password hash stored locally on users’ machines after a successful domain-connected login. Every time a remote user attempts to access their machine, the credentials provided are compared with these cached credentials to authenticate their identity and log them in.
Trouble arises when a remote user’s password expires or is forgotten. Admin intervention by way of password reset is to no avail, as the new password can only be updated in the domain controller and not in the locally cached credentials. This leaves the user unable to verify their identity and stranded out of their machine, affecting their productivity.
ADSelfService Plus, an identity security solution with multi-factor authentication (MFA), single sign-on, and self-service password management capabilities, helps circumvent this challenge. It helps remote users securely reset their domain passwords and automatically update their cached credentials on their local machines immediately, even if they are not connected to the corporate network.
Updating cached credentials without a VPN
ADSelfService Plus can update the cached credentials with or without a VPN. When using a VPN, the user’s machine connects to the corporate network to synchronize their new credentials with Active Directory.
Fig 1. Workflow of the cached credentials update feature with a VPN.
However, if the end user has lacks VPN connectivity, ADSelfService Plus can still update the cached credentials. The ability to remotely update cached credentials even without a VPN can be a game-changer for organizations with a remote or hybrid workforce that may not have uninterrupted access to VPNs.
How the VPN-free cached credentials update works
Fig 2. Workflow of the cached credentials update feature without a VPN.
-
When a remote user forgets their Active Directory password, they use ADSelfService Plus’ login agent to reset their password from their login screen.
-
After the user verifies their identity through MFA and resets their password, ADSelfService Plus updates Active Directory with the new password.
-
Once the new password is updated in Active Directory, the login agent automatically updates the local cache on the user’s machine with the new password.
-
The user can now use the new password to log in to their machine.
Key benefits
-
Increased availability: No more struggling with VPN connections just to reset a password. Users can reset their domain passwords anytime, anywhere, without worrying about login issues later.
-
Enhanced security: The self-service password reset process is secured with an extensive MFA feature that supports over 20 methods and adds up to three levels of authentication.
-
Improved productivity: The help desk team spends less time troubleshooting password reset issues, and users experience fewer disruptions, leading to better overall productivity.
ADSelfService Plus’ improved cached credentials update feature can streamline the remote self-service password reset process, bolstering identity security and the user experience. It’s a win for both help desk staff and users alike.
Want to try the feature out yourself? Give our 30-day, free trial of ADSelfService Plus a go. If you’d like to be shown the ropes instead, sign up for a personalized demo.