(Cloud) Tip of the Day: Customize SSPR for federated users

Today’s Tip…

I ran across this frequently asked questions blog post: https://blogs.technet.com/b/ad/archive/2015/12/11/azuread-mailbag-self-service-password-reset.aspx and I wanted to point out this great question…

Question: I love the SSPR functionality but my users authenticate with AD FS. Is there a way I can leverage SSPR with ADFS?

Answer: Absolutely! It only takes three steps using AD FS 2012 R2 web theme customization to add a nice "Can't access your account?" link in the sign-in page.

Step 1: Create and export the AD FS Web Theme

Use Windows PowerShell to create a new AD FS web theme from the current one and to export its different resources to your local disk. We will use this new theme to add the link directing users to the password reset page. Just type in the following commands:

New-ADFSWebTheme -Name ADFSAndSSPRFun -SourceName default

Export-ADFSWebTheme -Name ADFSAndSSPRFun -DirectoryPath C:\customization


After this step, all the images, CSS, scripts, and other resources will be available in the local directory you specified (in this example c:\Customization). The folder structure should look like this:

Step 2: Tweak onload.js to add the link

Edit the onload.js file (located under the "script" folder in the root directory you exported to in step 1) and add this little script snippet at the end. This will add the link at the end of the page:


Step 3: Upload the new content and switch to the new theme

Finally, use Windows PowerShell to upload the modified onload.js file from step 2 into the theme we created in step 1.

Once the theme is updated, we'll switch AD FS to use the new theme.

Set-AdfsWebTheme -TargetName ADFSAndSSPRFun -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path="c:\customization\script\onload.js"}

Set-AdfsWebConfig -ActiveThemeName ADFSAndSSPRFun


And that's it. Now your users can easily access the Self Service Password Reset capabilities.
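The snippet that step 2 refers to is not reproduced on this page. The following is an added example of what such an onload.js addition can look like, not the original author's code; the reset URL, the passwordInput element id used to detect the sign-in form, and the ssprLink id are assumptions.

```javascript
// Added example for the end of onload.js; not the snippet from the original post.
// Assumptions: the reset URL below, the element id "passwordInput" used to
// detect the sign-in form, and the id "ssprLink" chosen for the new link.
var SSPR_URL = 'https://passwordreset.microsoftonline.com/';

function addPasswordResetLink(doc) {
  // onload.js is shared by the AD FS pages, so only act where the sign-in form exists.
  if (!doc.getElementById('passwordInput')) { return null; }

  // Stay idempotent if the script runs more than once on the same page.
  var existing = doc.getElementById('ssprLink');
  if (existing) { return existing; }

  // Build the link with DOM calls and a text node instead of innerHTML,
  // so the label is never parsed as markup.
  var link = doc.createElement('a');
  link.id = 'ssprLink';
  link.href = SSPR_URL;              // fixed HTTPS target, never read from the query string
  link.target = '_blank';
  link.rel = 'noopener noreferrer';  // the new tab gets no window.opener handle to the sign-in page
  link.appendChild(doc.createTextNode("Can't access your account?"));

  var wrapper = doc.createElement('div');
  wrapper.appendChild(link);
  doc.body.appendChild(wrapper);     // "at the end of the page", as step 2 describes
  return link;
}

// In the browser, run against the real page; outside a browser there is no document.
if (typeof document !== 'undefined') {
  addPasswordResetLink(document);
}
```

Because onload.js is served to every user before authentication, treat the theme directory as code: review changes to it and restrict who can run Set-AdfsWebTheme.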

For other great frequently asked questions about our Azure AD Self-Service Password reset capabilities, check out the following Microsoft article…

https://blogs.technet.com/b/ad/archive/2015/12/11/azuread-mailbag-self-service-password-reset.aspx