Supported Authentication Providers for Password Reset

Supported Authentication Providers for Password Reset

Password Reset can be configured to add accounts to the following authentication providers:

  • Active Directory Services (Windows)
  • NT Directory Services (Windows)
  • Forms Based Authentication using the following membership provider:
    • SQL Server membership provider

Authentication providers not specifically listed here are not supported with Password Reset.

The Authentication Provider Administrator Account configured in the Authentication Providers settings must have the following minimum permissions to create accounts in Active Directory Services or NT Directory Services:

  • The Create User Objects permission for an organizational unit or the domain is required to create accounts and set some account properties.
  • The Reset Password permission on the User Object is required to set account passwords.
  • The Write All Properties permission on the User Object is required to set remaining account properties.
  • The Write All Properties permission on a Security Group is required to add an account to a group.

NOTE: If the Authentication Provider Administrator Account permissions are not set as described above, Password Reset users will not be able to create and configure all account properties allowed in the web part.

Sometimes we see customers attempt to enter the fully qualified domain name (FQDN) for the Domain field; this should be the NetBIOS (pre-Windows 2000) name of the domain. For example, the Domain field should be the “domain” portion of the account’s logon – “bambooadmin” should enter “bamboo” in the Domain field, not “bamboo.local”.

The SharePoint Administrator Account configured in the Authentication Providers settings is used to add users to SharePoint groups and to modify the SharePoint User Information List (Windows SharePoint Services 3.0 and SharePoint Foundation 2010 only). The SharePoint Administrator Account should be a site collection administrator.

Setting up an Anonymous Access SharePoint Site

Setting up an Anonymous Access SharePoint Site

By default, anonymous access is not enabled in SharePoint 2010 nor SharePoint 2013. SharePoint administrators may want to enable anonymous users to have access to content without having to provide authentication credentials. Anonymous access is permitted or denied based on the permissions for the site. Additional configuration is needed for anonymous users to access content or web parts within a site.

For information about the SharePoint permissions given to the anonymous account, this article from Microsoft provides a good summary: Decide whether to allow access for anonymous users.

Step Action Description
1. To configure anonymous access on one particular site in a Site Collection, you first access Central Administration > Application Management > Manage web applications

CentralAdmin.jpg

Icon-Warning IMPORTANT: You must have access to the SharePoint Server and IIS Manager in order to complete this task.

2. Select the Web Application containing the site you want to configure for anonymous access. AuthProv.jpg
3. Configure the Authentication Providers; in this example, the only choice is Default. Default.jpg
4. This opens the settings to Edit Authentication, where you can check the box to Enable anonymous access for that Web App zone. Edit.jpg
5. Once this has been done, when you go back to the Web App Ribbon and select Anonymous Policy, you will be able to select the zone (or All Zones in this case, since Default was the only zone), and then choose any restrictions to anonymous access.

Policy.jpg

By default, “None – No policy” is set, so you need do nothing here since you do not want to place any restrictions on anonymous access.

Up to this point, you have preconfigured where you want to allow anonymous access to be set. But now you need to set the final settings at a Site Collection or Site level or anonymous users will not have any access.
6. Navigate to the location where you want to allow anonymous access and go to Site Actions > Site Permissions Notice now in the Ribbon, there is an option for Anonymous Access.
ConfigAccess.jpg
7. To grant anonymous access only to a sub-site in a Site Collection, then nothing should be done with Anonymous Access at the Site Collection top-level. Instead, navigate to the sub-site and from there select Site Actions > Site Permissions.

Stop.jpg

This will show that this sub-site is inheriting permissions from its parent; to allow anonymous access to this sub-site, you need to break inheritance from the parent site — click the Ribbon option Stop Inheriting Permissions.

8. The Anonymous Access button is now available on the sub-site Ribbon and when you open the option, you have some choices available. Anon.jpg
The default setting is “Nothing” but you can change it to allow anonymous access to the entire site or to Lists and Libraries only.
9. You will also note that the Anonymous Users has been added to the site permissions showing the permission level you selected.

Users.jpg

This site can now be accessed without the need to login.

See also:

SharePoint 2007:

Resetting Your Password

Resetting Your Password

Password Reset provides two types of authentication for password reset requests: email confirmation and security question & answer. Depending on how your admin has configured the web part, when you reach a page that contains Password Reset you will see one of two different views.

Should your admin configure the web part to send an email for a password reset, the web part will look like this:
Simply enter your User Name and Email address. An email will shortly arrive that includes a link.PWreset1.png Just click the hyperlink inside the email body to reset your password.
ConfirmationEmal.png
If the web part has been configured to use security questions, the questions that the admin created for validation will display within the web part.
PWreset.png If you enter the correct answers, Password Reset displays an auto-generated password using a complex password algorithm.
REset.png
If you do not see the display immediately, it could be that your web part was configured differently. Either your account will be unlocked automatically, enabled automatically or you will need to reset your password the next time you log in.
PWreset2.png
Image displays three choices an admin can make when configuring Password Reset.
If the web part is used on an anonymous access site, an additional captcha challenge will be presented.
PWresetCaptcha.jpg Just enter the text displayed in the provided text box, in addition to the other required fields, to reset your password.

If needed, an alternative text string can be displayed by simply hitting the refresh icon.

Password Reset Security Question

Password Reset Security Question

Overview of Password Reset Configuration settings
Step Action Result
1. Expand the Security Questions section of the web part to view the options available. At least one security question must be entered if this option is selected. SecQs.jpg
2. Security Question [#1-#3] Displays the question in the Web Part. If a Security Question is blank, the question and corresponding field are not displayed in the Web Part interface.
3. AD Custom field name for answer to Security Question [#1-#3] Enter the LDAP attribute that the user’s answer is confirmed against.