Help Desk RCDC Tab for Unlocking and Unregistering Users from SSPR

  • Article

In virtually every Self-Service Password Reset engagment I have done, there is always some role that organization's helpdesk / service desk (etc) plays in the administrative processes that accompany it; mainly the ability for them to clear the registrations of users whom have simply forgotten their security question answers and to unlock users whom have failed to complete the reset their passwords too many times.

To make this easy, what I do is simply add a tab to the Configuration for User Editing RCDC. The following is the XML that I tend to just paste into it right after the ContactInfo tab and customize as necessary: 

  <my:Grouping my:Name="ServiceCenter" my:Caption="Service Center" my:Enabled="true" my:Visible="true">
 <my:Help my:HelpText="%SYMBOL_ContactInfoTabHelpText_END%" my:Link="01796fb1-c1ab-417c-abe3-41d1907e299a.htm#bkmk_grouping_ContactInfo"/>
 <my:Control my:Name="ResourceCurrentSetPicker1" my:TypeName="UocIdentityPicker" my:Caption="Locked Out Authentication Processes" my:Description="This is a list of the authentication processes out of which the user is locked out (e.g. self-service password reset)" my:RightsLevel="{Binding Source=rights, Path=AuthNWFLockedOut}">
 <my:Properties>
 <my:Property my:Name="Mode" my:Value="MultipleResult"/>
 <my:Property my:Name="ObjectTypes" my:Value="WorkflowDefinition"/>
 <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName"/>
 <my:Property my:Name="AttributesToSearch" my:Value="DisplayName"/>
 <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=AuthNWFLockedOut, Mode=TwoWay}"/>
 <my:Property my:Name="Filter" my:Value="/Set"/>
 <my:Property my:Name="UsageKeywords" my:Value="ServiceCenterUI"/>
 <my:Property my:Name="ResultObjectType" my:Value="AuthNWFLockedOut"/>
 <my:Property my:Name="SearchOnLoad" my:Value="true"/>
 </my:Properties>
 </my:Control>
 <my:Control my:Name="ResourceCurrentSetPicker2" my:TypeName="UocIdentityPicker" my:Caption="Registered Authentication Processes" my:Description="This is a list of the authentication processes for which the user is registered (e.g. self-service password reset)" my:RightsLevel="{Binding Source=rights, Path=AuthNWFRegistered}">
 <my:Properties>
 <my:Property my:Name="Mode" my:Value="MultipleResult"/>
 <my:Property my:Name="ObjectTypes" my:Value="WorkflowDefinition"/>
 <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName"/>
 <my:Property my:Name="AttributesToSearch" my:Value="DisplayName"/>
 <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=AuthNWFRegistered, Mode=TwoWay}"/>
 <my:Property my:Name="Filter" my:Value="/Set"/>
 <my:Property my:Name="UsageKeywords" my:Value="ServiceCenterUI"/>
 <my:Property my:Name="ResultObjectType" my:Value="AuthNWFRegistered"/>
 <my:Property my:Name="SearchOnLoad" my:Value="true"/>
 </my:Properties>
 </my:Control>
 </my:Grouping>

 

Below is what is looks like after you post the updated RCDC

 

As you can see, this will allow a help / service desk member the ablity to clear self-service password reset registrations and to clear any that have been locked.

Couple of notes:

Regarding the highlighted text, if you have a UsageKeyword that you associated with Help / Service Desk UI resources (and you should organize your UI resources like that), those highlighted values are what you would replace with the UsageKeyword you've created.

Also, be sure you grant those Help/Service Desk users (i.e. set members) the right to read and modify the AuthNWFRegistered and AuthNWFLockedOut attributes of the Password Reset Users set. Otherwise, this won't work.

 

Good luck!