This scenario sketches a password reset of a KeyHub account without vaults. When your Active Directory (AD) password is synchronised with KeyHub, a helpdesk group is set in KeyHub and your AD password is changed outside of KeyHub.
In this case your KeyHub password still needs to be reset as it differs from the changed AD password. The following steps wil guide you through the process.
Step 1: Sign in to KeyHub
Userone’s password has been changed outside of KeyHub. Userone logs in to KeyHub with the new AD password.
Step 2: Synchronise password
KeyHub detects that the AD password and the KeyHub password are no longer synchronised. KeyHub prompts the user to reset the vaults.
As the password was forgotten by the user, the user must choose, “I forgot my Topicus KeyHub password” option. No passwords have to be filled when choosing this option.
Step 3: Password recovery
Userone gives the new AD password and a reason for the reset.
Step 4: Password recovery
The reset needs to be approved by 2 members of the helpdesk group. Topicus KeyHub will show userone who is apart of the helpdesk.
Once 2 members of the helpdesk group have approved the reset, userone can give the new password (the new AD password).
Step 5 - Done!
Userone can log in as usual.
Note: the audit trail shows the events.