By combining Azure AD SSPR (Self-Service Password Reset) with a background process that assigns user-supplied contact data, newly onboarded users can both verify and set their first credential without needing to contact the IT Service Desk.

The script below demonstrates a means to facilitate this using native Microsoft Graph API calls:

Pending re-write with msgraph-sdk-powershell.

SSPR

https://aka.ms/sspr

Parameters

Realm

https://aka.ms/sspr?whr=domain.com

Username

https://aka.ms/sspr?username=firstname.lastname@domain.com

Final Redirection

Final step redirection.

https://aka.ms/sspr?ru={HTTP Encoded Parameter}

https://login.microsoftonline.com/tenantId/oauth2/v2.0/authorize?client_id=appId&scope=https://yourApp.com/scope&redirect_uri=https://yourApp.com/

The plaintext URL above must be URL-encoded (percent-encoded) when supplied as the `ru` parameter in the SSPR URL.
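The following is an added example, not the original script from this post: it builds an onboarding link from the `username` and `ru` parameters above and percent-encodes the redirect target. The function name `New-SsprLink`, the host allow-list, and the assumption that `username` and `ru` can be combined in one URL are illustrative and not taken from the page.

```powershell
# Added example: build an SSPR link with a percent-encoded final-step redirect.
# New-SsprLink and $AllowedRedirectHosts are hypothetical names for illustration.
function New-SsprLink {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Username,
        [string] $RedirectUrl,
        # Hosts the final-step link may point at; anything else is rejected so the
        # onboarding mail can never carry a redirect to an unexpected site.
        [string[]] $AllowedRedirectHosts = @('login.microsoftonline.com')
    )

    $query = [System.Collections.Generic.List[string]]::new()
    $query.Add('username=' + [uri]::EscapeDataString($Username))

    if ($RedirectUrl) {
        $target = $null
        if (-not [uri]::TryCreate($RedirectUrl, [System.UriKind]::Absolute, [ref] $target)) {
            throw "RedirectUrl is not an absolute URL: $RedirectUrl"
        }
        if ($target.Scheme -ne 'https') {
            throw "RedirectUrl must use https: $RedirectUrl"
        }
        if ($target.Host -notin $AllowedRedirectHosts) {
            throw "RedirectUrl host '$($target.Host)' is not in the allow-list"
        }
        # EscapeDataString encodes ':', '/', '?', '&' and '=' so the whole authorize
        # URL travels as a single value of ru instead of leaking extra parameters.
        $query.Add('ru=' + [uri]::EscapeDataString($RedirectUrl))
    }

    'https://aka.ms/sspr?' + ($query -join '&')
}

# Placeholder values as used on this page (tenantId, appId, yourApp.com, domain.com).
$authorize = 'https://login.microsoftonline.com/tenantId/oauth2/v2.0/authorize' +
             '?client_id=appId&scope=https://yourApp.com/scope&redirect_uri=https://yourApp.com/'

New-SsprLink -Username 'firstname.lastname@domain.com' -RedirectUrl $authorize
```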

Mobile Method Screenshots

The following steps outline the user experience for the single (mobile) authentication method.

Landing Page

[Screenshot: SSPR - Get Back Into Your Account]

Phone Number Verification

[Screenshot: SSPR - Mobile Number Verification]

Six Digit One Time Code

[Screenshot: SSPR - Mobile Number Code]

Password Reset

[Screenshot: SSPR - New Password]

Final Step

[Screenshot: SSPR - Final]

Final Step with optional URL

[Screenshot: SSPR - Final With Option]
