Security Considerations
When you configure your policies, define them as restrictively as your environment allows:
- Limit who can use the Password Self-Service application. Consider excluding users who hold administrative or other special privileges, since a compromised self-service reset on such an account has a much larger blast radius.
- Limit the authentication methods that can be used to unlock a password reset. For example, favor push notifications, or require a PIN of at least 8 characters.
- Determine the conditions under which password self-service is enabled, such as requiring a known user device.
- Do not expose the agent directly to internet traffic. Access to the agent must be protected by a web application firewall, and the agent should be reachable only from within the enterprise network.
Note
For security reasons, the agent re-verifies every selected authentication method on each access attempt, regardless of the authentication frequency specified in the STA application's policy.