Self-service password reset and management software with SMS gateway

1. Windows operating system based Secure, web-based, end-user password reset and
management solution for active directory users. The software should have the below
mentioned modules and features.
2. Self account unlock : End users to be able to self-unlock his or her own active directory account
through the web browser based self-service end user account unlock module from any remote
machine in the domain securely and with ease by answering a set of validation questions and
also without revealing his identity password information.
3. Self-service password reset: End users should be able to self-reset his active directory domain
account password remotely from a web browser without calling the helpdesk team in case the
password is forgotten. Domain users should be able to self-reset their LDAP active directory
password securely with ease by answering a set of self configured validation questions.
4. Password expiry notification: Schedule reports on soon to expire passwords and email.
Automatically emails users on the time of password expiry at regular time intervals as scheduled
by the administrator from the admin console of the software alerting users to reset login
password.
5. Update personal information in AD: The software should allow domain users to self-update their
own personal information in Microsoft Active Directory using the web based self-service portal.
6. Audit Trail on all User Activities: The software should have reporting mechanism that should
help administrator generate audit reports on all user activities that are delegated to users by
him. Audit Reports on self-password reset, self-unlock accounts and self-update of user
information in Active Directory should be recorded and can be generated.
7. Establishing identity of a user by : 1) Through security questions and answers method : Here the
user will answer a set of predefined security questions 2) SMS/E-mail based ID verification
method: Here the user has to successfully reproduce the verification code sent to his mobile or
email id to establish his identity. 3) The owner can choose to exercise both these user
identification methods for enhanced security
8. Other users when using the service should protect domain users from accidental/designed reset
of domain login passwords. The self-password reset software should allow only those users who
are enrolled in it by answering a set of hint question and answers and/or by entering mobile
number and e-mail id to perform a self-password reset.

The enrollment process should involves selecting preferred challenge questions from an available list
of questions or adding self framed challenge questions which the domain users feels is specific to
him and will challenge any other unauthorized user from detecting his/her password identity.

Answers provided to the questions at the time of enrollment by the end user are stored and are
compared for verification of the end user at his next login. If a mismatch occurs, the user is not
permitted to perform self-service password management functions and is prevented from logging in
the web portal. The Limits for the validation questionnaire should include Maximum and Minimum
lengths of the questions. The type of questionnaire (open ended or from a drop down menu)

The number of questions that an end-user is allowed to frame.

The maximum and minimum length for an answer.

The limits are set by the administrator from the admin console of the software and notified to all
users in the Windows Active Directory.
9. No of user accounts: 35000 active directory users.
10. Graphical identification and authentication module for Microsoft windows clients for enabling
self-password reset and unlock option in the winlogon (“Ctrl+Alt+Del”) screen
11. The software should have a built in bulk emailing utility to notify all users present in the
configured domain to enroll themselves
12. Enrollment is not required should administrator choose only SMS/E-mail verification code.
13. SMS gateway with all software, connectors and licenses should be supplied and configured with
the solution.
14. Multifactor authentication: To ensure that only the intended users access the self-service portal,
the software shall employ the following authentication methods to establish users identities:
Security questions and answers SMS and email verification codes RSA SecurID/Google
authenticator Push notifications Time-based one-time password (TOTP) Administrators to
have the flexibility to choose all authentication procedures or a combination of the available
methods based on their needs.
15. Mobile application: All users should be able to access the self service password management
software on Internet through mobile phones via mobile app (preferably) or mobile site.
16. Facility for directory search for users, users contact numbers
17. Support for Internet explorer, Firefox and Goggle chrome latest versions
18. Should support MySQL/MS SQL/PostgreSQL/Maria DB. Solution should be supplied with
required database and database licenses for 35000 active directory users for DC and DR.
19. Should support windows operating system – windows server 2012 , windows 2012 R2 and
windows 2016
20. Provision and configuration for Backup and Sync of DC server with DR server and database for
taking care of any eventuality in DC resulting non availability of DC SSPR service