- Make sure you have writeback configure on the Adconnect
- Make sure the adconnect AD account has appropriate rights to change password
Configure SSPR for the Org
Login into the Azure Portal, go to users, and click Password Reset
Go to Properties and select either a group or All for SSPR
Authentication Methods select what you want and how many require for the SSPR service, you can also specify the questions you want. If you want a pseudo MFA, you can require 2 methods of verification, say Phone and questions
Registration: Require users to register when they login. I have seen if this is not selected a lot of users will not bother to register.
Notifications. Select if user should get a notification when their password is reset. I have seen some customers like this
Select if you want to customize the service desk url
Password writeback. Choose this option so on-prem users can use the service
Deploy to users
Ask users to login and setup/register for SSPR. They will be prompted to set it up on login!