Back in 2021, Gartner estimated that between 20 and 50 percent of service desk calls are for password resets. That’s a wide margin, and it would have been nice if that august body could have calculated a narrower range. However, it is still a lot of work for a straightforward task that doesn’t require too many technical skills.
Here is our list of the best self-service password reset tools:
- ManageEngine ADSelfService Plus EDITOR’S CHOICE This package includes a Web-based self-service portal that includes a password reset function and knowledge base templates to enable users to solve other problems. Runs on Windows Server, AWS, and Azure. Get a 30-day free trial.
- Microsoft Entra ID This is Azure AD with a new name, and it has a starter level that is free. Get up to the paid Premium plan to include a self-service password reset. Runs on Azure.
- Specops uReset This online system lets users manage their own passwords from the onboarding process, where users are asked to create a password for a new account.
- One Identity Password Manager Provides a method to extend Active Directory access rights management to operating systems other than Windows. Runs on Windows Server.
- FastPass SSPR This self-service password reset product is available as an on-premises software package or a cloud-based SaaS platform.
- Avatier Password Management This package runs on Docker, so it can be hosted on any platform.
- Passportal Blink This cloud-based reset app is an add-on to the Passportal Password Management package.
It is possible that the percentage of time that the Service Desk team spends on password issues has reduced in recent years since Garner’s investigation. This is because self-service password reset tools are becoming more prevalent and businesses are starting to recognize their value.
A self-service portal has many other benefits. It provides an opportunity for an IT department or a managed service provider to present a friendly face to the user community. It can provide a central point of access to guides and explanations that enable users to fix many problems and better understand the technology that they are given in order to do their jobs.
The best self-service password reset tools
Our methodology for selecting a self-service password reset tool
We reviewed the market for self-service portals that provide opportunities for users to reset their own passwords and analyzed the tools based on the following criteria:
- A Web-based interface for users
- Connection into Active Directory
- Options to build a knowledge base
- A white-labeled interface that can be branded
- Implementation of single sign-on and multi-factor authentication
- A free trial or a demo option that enables buyers to try the tool before buying
- Value for money from a self-service system that is competent and offered at a fair price
The requirement for a Web-based interface is very important because you need a system that can be accessed from anywhere. However, that doesn’t mean we only looked for cloud-based packages – you can host a Web server yourself.
Now, let’s look at each of the systems in more detail.
1. ManageEngine ADSelfService Plus (FREE TRIAL)
ManageEngine ADSelfService Plus is a package that you host yourself, but it includes an interface that can be triggered from your login screens. This provides the ideal combination of control and accessibility. The tool is very flexible and provides a lot of options for password policy enforcement that is implemented directly in the self-service portal.
Key Features:
- Integrated interface interface: Appears as a pop-up on your system login screen
- Mobile app: Provides an alternative access channel
- Enforces password policy: The self-service portal isn’t a security loophole
- Password management features: Single sign-on and multi-factor authentication
- Manages access to hybrid systems: On-premises resources and cloud apps
Why do we recommend it?
ManageEngine ADSelfService Plus provides an interface for users to update their own passwords for companies that use Active Directory for access rights manager. Active Directory is the leading ARM in the world and is the first choice for businesses that have endpoints running Windows. The package can also manage accounts for Microsoft 365, Google Workspace, and Salesforce.
Business software is in a transition phase – it has been for some time – with applications and services shifting from on-premises servers out to cloud platforms. This package is able to enhance password management for AD to protect on-premises systems and cloud applications.
I found that the list of cloud-based systems that this package can manage passwords for is headlined by Microsoft 365, Google Workspace, and Salesforce. However, there are actually a lot more systems that the ManageEngine tool can sort out access to. Those other applications include Zoho, Zendesk, Oracle E-Business Suite, and Dropbox.
Who is it recommended for?
ManageEngine has made this package very appealing for small businesses because the tool is free to manage access for 25 users. The price for the paid version is levied on a scale, and the package can scale up to serve very big corporations. The system is delivered as a software package, but you can host it on your AWS or Azure account on the cloud.
Pros:
- Deployment option: Will install on Windows Server or cloud platforms
- Force password resets: Requires that users renew passwords
- Notify users: Send password reset orders via SMS, email, or push notification
- Verification options: Provides multiple options for user authentication
- Audit reports: Generates logs for all portal activities
Cons:
- No SaaS option: The cloud-hosted version has to be loaded on your cloud account
ManageEngine offers a Free edition, but you can get a 30-day free trial of the paid version. If you decide not to buy at the end of the trial, your installation reverts to the Free edition, which is limited to serving 25 users.
EDITOR'S CHOICE
ManageEngine ADSelfService Plus is our top pick for a self-service password reset tool because it provides a way for users to directly but safely access Active Directory records. Very large corporations, such as IBM, Cisco Systems, and eBay, use this tool for their own user accounts. It is reliable and secure. The tool can extend password management to a long list of third party cloud systems, and you can implement password complexity rules through the interface. The package provides a mobile app that can be distributed to users as an authentication mechanism. The service can also communicate with the mobile devices of users to send out password-related notifications, such as password reset requirements.
Download: Access a 30-day FREE Trial
Official Site: https://www.manageengine.com/products/self-service-password/self-service-reset-password-management-solution.html
2. Microsoft Entra ID
Microsoft Entra ID is the new name for Azure AD. Anyone who opens an Azure account gets access to this online version of Active Directory for free. The package includes a self-service portal, called My Account, and that includes a self-service password reset feature for cloud applications. Subscribers to the Premium editions of Microsoft Entra get an interface that enables users to reset their passwords for your on-premises systems as well.
Key Features:
- A Microsoft product: Better known as Azure AD
- Integrates into Windows: Lets you adapt the standard Microsoft login procedures
- Multiple platforms: Azure, AWS, and Google Cloud Platform
- Password management for hybrid environments: Available with Premium plans
Why do we recommend it?
Microsoft Entra ID is available to all for free. Anyone who opens an Azure account gets access to this tool, and you don’t need to sign up for any services on Azure. The system applies to user accounts on services and applications on AWS and GCP as well as Azure. Coverage for on-premises resources is also possible.
I noted that the entire Entra platform implements Active Directory and can be coordinated with your on-premises AD system through replication or migration routines. The service isn’t able to integrate with other access rights managers. However, if your applications and services can integrate with Active Directory, you can use the Entra ID system to manage accounts for it.
Who is it recommended for?
This is a good choice for any business, but it is closely linked to the use of the Azure platform. This system is free, and it includes password reset services for users as long as those credentials relate to cloud-based systems. Move up to one of the Premium packages to get that service applied to users of on-premises systems.
Pros:
- Permissions discovery: Consolidates cloud accounts
- Risk assessments: Helps formulate strong security policies
- Activity logging: Helpful for compliance reporting
- DC protection: Records changes to user account records
Cons:
- Coverage for on-premises accounts is not included: The Self-service password reset function for on-premises resources is only included in the Premium editions
Microsoft Entra ID is available in four editions: Free Premium 1, Premium 2, and Governance. You can try any of the paid accounts for 30 days without paying. For example, there is a 30-day free trial of the Entra ID Premium 1 package.
3. Specops uReset
Specops uReset is a self-service password reset package that provides a centralized, cloud-based authentication engine, while managing locally stored credentials. Local caches are an essential part of many facilities, such as Websites and VPNs. The Specops system doesn’t block the storage of credentials in browsers and in the Windows operating system, but it coordinates with them. The tool also interfaces with Active Directory.
Key Features:
- Operates as an external authenticator: Interfaces with on-premises ARMs
- Replicates password changes: Changes that users make to passwords are copied through to other credentials stores
- Integrates with application login screens: Adds a Reset Password link to log in screens
Why do we recommend it?
Specops uReset integrates so well into login screens that it looks like a part of that application rather than a third-party tool. The system can be used to set up a new user account, prompting the user to create a password. Then, during the lifetime of that account, the user has the option of changing the password without having to contact the Help Desk.
I noted that the help package supports users who have been locked out of accounts as well as those who have forgotten their passwords – usually, lockouts occur because the user has entered credentials incorrectly many times in a row.
Who is it recommended for?
This system is particularly useful for businesses that have remote users. This is because the tool will store credentials locally and update central ARMs, such as Active Directory when a connection is made.
Pros:
- Operates well with VPNs: A user who is locked out of the VPN can change a password and the system will update AD once the device connects
- MFA options: Integrates with Duo Security, Google Authenticator, Microsoft Authenticator, Okta, PingID, Symantec VIP, and Yubikey
- Mobile app coverage: Manages passwords on mobile devices
Cons:
- Only for Windows passwords: Doesn’t operate with apps that run on Linux or macOS
Specops offers uReset on a 30-day free trial.
4. One Identity Password Manager
The distinctive feature of One Identity Password Manager is that it enables system administrators to centralize all access rights management in Active Directory. AD is widely used on computers running Windows, but it doesn’t reach out to other operating systems, such as Unix, Linux, and macOS. One Identity mediates between operating systems to enable all credentials to be stored in one place: Active Directory. The package includes a self-service password reset function.
Key Features:
- Unified access rights management: Extends Active Directory’s reach to cover Linux, Unix, and macOS
- Automates credentials management: Removes human error
- Multiple domain support: Coordinates the password management for multiple systems
Why do we recommend it?
One Identity Password Manager operates as a converter that enables Active Directory to be used for access rights management on operating systems other than Windows. I learned that you can maintain the Active Directory system on your site and then the One Identity system interfaces with other operating systems and the software packages that run on them.
The Password Manager package mediates between operating systems. The tool works behind the scenes but does have interfaces for human interaction. These include an administrator console and a self-service portal for users.
Who is it recommended for?
One Identity is a brand owned by Quest. That conglomerate specializes in IT tools for mid-sized businesses. So, that gives an idea of the core target market for the Password Manager. One Identity doesn’t provide a price list, which makes it difficult to assess the tool’s suitability for small businesses.
Pros:
- Automates credential administration tasks: Reduces the workload of IT technicians
- Adaptable unlock function: Let users revive locked accounts through customizable workflow
- Based on Active Directory: Benefits from the reliability of AD as a credentials store
Cons:
- Relies on Windows Server: Companies that don’t use Windows Server can’t deploy this package
One Identity offers a 30-day free trial of Password Manager.
5. FastPass SSPR
FastPass SSPR is a self-service password reset service – that’s what SSPR stands for. This is part of the full FastPass password management platform. FastPass has recently been taken over by rival provider Delinea, which runs its own credentials management and password vault products.
Key Features:
- Operates on Windows: Integrates with Active Directory
- Options for ERPs: Oracle and SAP
- Special version for IBM computers: z/OS, i Services, and RACF
Why do we recommend it?
FastPass SSPR is centered on Active Directory. It has a range of add-ons available, to interface with Oracle and SAP. The IBM version still runs on Windows Server but operates an interpreter to manage credentials on IBM operating systems. The package can also be run on Azure and manage passwords through Entra ID (Azure AD).
I observed that the self-service function offers the opportunity for users to unlock an account that has been locked for suspicious activity, which could be caused by a user who has forgotten the password. It also allows users to change passwords for accounts that have not been locked.
Who is it recommended for?
FastPass outlines that its on-premises package is suitable for businesses with 4,000 user accounts and its cloud-hosted SaaS version is designed for companies with around 20,000 user accounts in Active Directory. So, this is not a package for SMEs. There is an edition for managed service providers.
Pros:
- Deployment options: An on-premises package or a SaaS platform
- Customizable user interface: Add your company branding
- Password policy enforcement: Rotation and complexity
Cons:
- No good for Linux: Even the cloud option won’t manage Linux-based accounts
FastPass doesn’t offer a free trial of its SSPR product but you can request a demo.
6. Avatier Password Management
Avatier Password Management is a universal login service that includes a feature for users to reset their passwords. The tool has a library of integrations, so it will provide access to many of the applications that you already provide for your users. This tool isn’t based on Active Directory, although you can link it to that system or any other LDAP-based access rights directory package.
Key Features:
- Enrollment services: Can integrate with your access rights manager
- A standard login interface: Implements single sign-on
- MFA integration: Use third-party systems, such as OKTA
Why do we recommend it?
The Avatier Password Management system provides an onboarding feature that includes the ability to set up user accounts in bulk. The package then provides you with a login screen for your apps and that includes a Reset button. This login service can appear on websites, local software, and mobile apps.
I concluded that this is a flexible service because you can link it to any directory server, any SSO provider, and any MFA system. The Password Management package includes a Help Desk module, which provides activity statistics and manual assistance for users who aren’t able to use the automated tool.
Who is it recommended for?
Avatier caters to all sizes of businesses, and its deployment over Docker means that it can be run on any operating system. The ability of this package to interface with any directory service also gives the Password Management system a wide potential customer base.
Pros:
- Facilitated reset option: Help Desks can use the password reset function
- Activity logging: For compliance management
- Training guides: A library of how-to videos
Cons:
- No version for MSPs: Doesn’t offer a multi-tenant architecture
You can assess Avatier Password Management with a 14-day free trial.
7. Passportal Blink
Passportal Blink is a self-service password reset app that is available as an add-on to the Passportal Password Management tool. The main service and the add-on are reliant on Active Directory, and they manage user accounts for Microsoft products and on-premises resources.
Key Features:
- Accesses account for Microsoft systems: Active Directory, Entra ID, Windows, and Microsoft 365
- A mobile app: Supports resents for on-premises and cloud systems
- Identity proof: Fingerprint or facial scan
Why do we recommend it?
Everyone has a mobile device, and Passportal Blink takes advantage of that fact to provide an easy and fast way to unlock a business user account and reset the password. This tool can be used to let the user set up a secret password when onboarding a new account, and is available for on-demand password resets.
I found that the biometric verification option is a very strong guard against robotic attempts to break into business user accounts. The facial scan or fingerprint verification leaves no doubt that the password reset request comes from a genuine user.
Who is it recommended for?
The Passportal system is designed for use by managed service providers. However, the tool can also be used for in-house password management by IT departments.
Pros:
- RMM integration: Use in conjunction with your system management
- Active Directory synch: Updates AD immediately
- Whitelabeled: A brandable user interface
Cons:
- Windows only: Doesn’t manage passwords for non-Microsoft products
You can try out the entire Passportal suite with a free trial.