- Expose multiple user interfaces, to make the system readily available:
- Web browser / PC login screen / pre-boot + telephone call / on-premise / off-site
- Connect the user to a temporary VPN connection, if off-site.
- Identify the user (enter ID, e-mail, employee number)
- Authenticate the user (security questions, token, SMS/PIN, voice biometrics).
- Allow the user to choose a new password.
- Write new password to target systems (AD, etc.) and update passwords cached
on the user's PC.