Office 365: Reset Password
Description
Office 365: Reset Password plugin step resets the password for a user in Office 365.
Important: To use the step, you must add the registered app to the User Administrator role.
Complete the following steps:
i. Go to Azure Active Directory.
ii. Select Roles and administrators -> Search and click on User administrator.
iii. Click on Add assignments button.
iv. Go to Select Member -> Click on No member selected button.
v. Search your registered app name -> Select that app.
vi. Click on next button (you must have an active assignment) -> Click on Assign button.
Prerequisites:
- To reset the password of user “Password Administrator” or “Helpdesk Administrator” permission from “Roles and administrators” should be given to the Application (O365 Azure AD). This permission may take some time to get reflected.
- Global administrator permission can reset the password for any user and all other administrators.
- Helpdesk administrators or Password administrators can reset passwords of other users who are non-administrators.
Permissions: Office 365 Reset Password Step needs the following permissions:
| Permission type | Permission (from least to most privileged) |
|---|---|
| Application | User.ReadWrite.All, Directory.ReadWrite.All, User.ManageIdentities.All |
References:
- https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles
- https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http
Configurations
| No. | Field Name | Description |
|---|---|---|
| 1 | Step Name | Name of the step. This name has to be unique in a single workflow. |
| Connection: | For details about app registration, see O365 App Registration, Authentication, and Permissions in Azure AD | |
| 2 | Tenant ID | Provide a valid Tenant ID of Microsoft Account. The data type is string. This field is mandatory. |
| 3 | Client ID | Client ID of the Application created in Microsoft Account. The data type is string. This field is mandatory. |
| Client Secret | ||
| 4 | Accept Value as variable/static | Leave checkbox unchecked to accept Client Secret value from a field in the previous steps of the stream using a drop down list. Else enable checkbox for Client Secret field to appear as Text box. |
| 5 | Client Secret | Specify the Client Secret generated in Microsoft Account. Client Secret is entered using a widget. The widget handles both Text (static value or environment variable) and Combo (drop down containing values from previous steps). If checkbox above is enabled Client Secret field appears as a Text box and accepts static or variable values. Else if checkbox above is disabled Client Secret field appears as a drop down to select fields from previous steps. The data type is secure string. This field is mandatory. |
| 6 | Button: Test Connection | Test connection with Client ID and Client Secret provided. Verifies whether the connection is established or not. Note: For the purpose of verification fields coming from previous steps are not allowed since field values can only be accessed when workflow is in running state. Static values and environment variables are allowed. |
| Input Tab | ||
| Input Fields | ||
| 1 | User Email | Specify the email address of the user whose password is to be reset. The data type of this field is string. This field is mandatory. |
| 2 | Button: Get | Click this button to display a windows pop-up with list of all the available user emails. |
| 3 | New Password | Specify the new password for the user. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. The data type of this field is string. This field is mandatory. |
| 4 | User Must Change Password At Next Logon | Allowed values are true or false. Provide true if the user must change the password on the next login; otherwise false. - This may take some time to get reflected. The data type of this field is string. This field is mandatory. |