As idemeum leverages certificate-based authentication for Desktop MFA solution, password reset won't be required unless Admin enforces password reset.
- There are User Account options available for an Admin to choose from, where enabling either of the options will ensure password reset will not be required.
- And if an Organization has a password policy to reset the password after a particular duration, idemeum passwordless login will indicate to the user that the password has expired. In those cases, please follow the steps listed in the section - Resetting passwords.
User Account options
Open Server Manager -> Tools -> Active Directory Users and Computers -> choose any user account -> open its properties. Alternatively, this can also be applied to user groups.
- Option a: Enable Password never expires
- Option b: Enable User cannot change password
- Option c: Enable Smart card is required for interactive login
- When the User's password is expired, scanning the QR code or tapping the RFID badge, the message "The password for this account has expired" is shown.
- Click Cancel
- Click Other User -> Enter the username and old password -> Press Enter
- Message Your password has expired and must be changed is shown.
- Click OK
- Enter username, old password, New password, Confirm password -> Press Enter.
- The User is logged into the session after Windows completes the update password successfully.
- Do a manual Sign-out, and you can continue using the idemeum Passwordless login by scanning the QR code or tapping the RFID badge.