Reset User Password

Contributors tvanroo

Reset user password steps

  1. Navigate to the Used Detail page in VDS

    password1

  2. Find the Password Section, enter the new PW twice and click

    password2

    password3

Time to take effect

  • For environments running an “Internal” AD on VMs in the environment the password change should take effect immediately.

  • For environments running Azure AD Domain Services (AADDS) the password change should take about 20 minutes to take effect.

  • The AD type can be determined on the Deployment Details Page:

    password4

Self service password reset (SSRP)

The NetApp VDS Windows client and the NetApp VDS web client will provide a prompt for users that enter an incorrect password when logging into a v5.2 (or later) virtual desktop deployment. In the event that the user has locked their account, this process will unlock a user’s account as well.

Note: users must have already entered a mobile phone number or an email address for this process to work.

SSPR is supported with:

  • NetApp VDS Window Client

  • NetApp VDS Web Client

In this set of instructions, you will walk through the process of using SSPR as a simple means to enable users to reset their passwords and unlock their accounts.

NetApp VDS Windows client

  1. As an end user, click the Forgot Password link to continue.

    ssrp1

  2. Select whether to receive your code via your mobile phone or via email.

    ssrp2

  3. If an end user has only provided one of those contact methods, that will be the only method displayed.

    ssrp3

  4. After this step, users will be presented with a Code field where they should enter the numeric value received either on their mobile device or in their inbox (depending which was selected). Enter that code followed by the new password and click Reset to proceed.

    ssrp4

  5. Users will see a prompt informing them that their password reset has been completed successfully – click Done to proceed to complete the logon process.

    Note If your deployment is using Azure Active Directory Domain Services, there is a Microsoft-defined password sync period – every 20 minutes. Again, this is controlled by Microsoft and cannot be changed. With this in mind, VDS displays that the user should wait for up to 20 minutes for their new password to take effect. If your deployment is not using Azure Active Directory Domain Services, the user will be able to log in again in seconds.

    ssrp5

HTML5 portal

  1. If the user fails to enter the correct password when attempting to login through the HTML5, they will now be presented with an option to reset the password:

    ssrp6

  2. After clicking on the option to reset their password, they will be presented with their reset options:

    ssrp7

  3. The ‘Request’ button will send a generated code to the option selected (in this case the user’s email). The code is valid for 15 minutes.

    ssrp8

  4. The password has now been reset! It is important to remember that Windows Active Directory will often need a moment to propagate the change so if the new password does not work immediately, just wait a few minutes and try again. This is particularly relevant for users residing in an Azure Active Directory Domain Services deployment, where a password reset could take up to 20 minutes to propagate.

    ssrp9

Enabling self service password reset (SSPR) for users

To use Self Service Password Reset (SSPR), administrators must first enter a mobile phone number and/or an email account for an end user There are two ways to enter a mobile number and email addresses for a virtual desktop user as detailed below.

In this set of instructions, you will walk through the process of configuring SSPR as a simple means for end users to reset their passwords.

Bulk importing users via VDS

Start by navigating to the Workspaces module, then Users & Groups and then clicking Add/Import.

You can enter these values for users when creating them one by one:
ssrp10

Or you can include these when bulk-importing users downloading and uploading the preconfigured Excel XLSX file in with this content filled out:
ssrp11

Supplying the data via the VDS API

NetApp VDS API – specifically this call https://api.cloudworkspace.com/5.4/swagger/ui/index#!/User/User_PutUser – provides the ability to update this information.

Updating existing user phone

Update the users' phone number on the User Detail Overview page in VDS.

ssrp12

Using other consoles

Note: you currently cannot provide a phone number for a user via the Azure Console, Partner Center or from the Office 365 Admin console.

Customize SSPR sending address

NetApp VDS can be configured to send the confirmation email from a custom address. This is a service provided to our service provider partners who wish for their end users to receive the reset password email to be sent from their own customized email domain.

This customization requires some additional steps to verify the sending address. To start this process, please open a support case with VDS support requesting a custom "Self Service Password Reset Source Address". Please define the following:

  • Your partner code (this can be found by clicking on settings under the upper-right down arrow menu. See screenshot below)

    partnercode

  • Desired "from" address (which must be valid)

  • To which clients the setting should apply (or all)

Opening a support case can be done by emailing: support@spotpc.netapp.com

Once received, VDS support will work to validate the address with our SMTP service and activate this setting. Ideally you’ll have the ability to update public DNS records on the source address domain to maximize email deliverability.

Password complexity

VDS can be configured to enforce password complexity. The setting for this is on the Workspace Detail Page in the Cloud Workspace Settings section.

password5

password6

Password complexity: Off

Policy Guideline

Minimum Password Length

8 characters

Maximum Password Age

110 days

Minimum Password Age

0 days

Enforce Password History

24 passwords remembered

Password Lock

Automatically lockout will occur after 5 incorrect entries

Lock Duration

30 minutes

Password complexity: On

Policy Guideline

Minimum Password Length

8 characters
Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.

Maximum Password Age

110 days

Minimum Password Age

0 days

Enforce Password History

24 passwords remembered

Password Lock

Automatically lock will occur after 5 incorrect entries

Lock Duration

Remains locked until administrator unlocks