Playbook of the Week: Automating Password Resets with Chatbot

Introduction

“Hi, I can’t seem to login, can someone please reset my password? I need to get on a call soon”. Does that sound familiar to you?

In today's fast-paced and ever-changing world, companies are relying more and more on digital tools and services to carry out their business. As a result, users need to create and manage numerous accounts across multiple platforms, each requiring a unique username and password. However, passwords can be forgotten or lost, and users may need to reset them. This can cause a significant amount of frustration for IT teams, who must spend valuable time resetting passwords manually.

The Current State

With single sign-on (SSO), users sign in once to gain access to multiple applications or services. However, if a user wants to access a cloud-based SaaS application that supports SSO, they may need to use a separate set of credentials that are managed by an identity provider (IdP) that supports SSO. In this case, the user would need to authenticate with the IdP to gain access to the cloud-based application, rather than using their Active Directory credentials. This is because the cloud-based application may not be integrated with the organization's Active Directory domain and therefore cannot rely on Kerberos authentication for SSO.

Considering this, users often need to manage at least two very strong and complex passwords, which also have to be changed on a regular basis. This results in… a lot of forgotten passwords.

IT teams often face the problem of having to reset user passwords frequently. This can be a time-consuming task, particularly when multiple users require password resets simultaneously. Additionally, the manual process can lead to errors, and IT teams must be careful to ensure that they are resetting passwords for the correct user account.

The Solution

You can solve this problem with automation. By using Cortex XSOAR, IT teams can streamline the password reset process, ensuring speedy response and allowing them to focus on more critical issues.

Chatbots can be integrated with XSOAR to facilitate password resets. Users can initiate a password reset request through a chatbot in Microsoft Teams or Slack, which will then create an incident in XSOAR and trigger the Reset User Password via Chatbot playbook. The playbook authenticates the user's identity and verifies that they have permission to reset the password. Once the user's identity is confirmed, the playbook checks for multifactor authentication methods available to the user. It then uses one of the available methods to verify the user’s identity, generates a new password that meets the organization’s password complexity policy, and automatically updates the user's account.

As an added measure of security, the password is stored inside a password-protected ZIP file which will be sent through email. The password for the ZIP file will be sent to the user separately through Slack or Teams. Upon receipt of the email, the user can download and extract the password from the ZIP file and login to their account immediately. And of course, they will be required to change their password once they login.

Learn More

By using our "Password Reset via Chatbot” content pack, you will be freeing up valuable time for IT teams to focus on more critical issues, and your users will be spending less time waiting.

For more information on this pack and other automation use cases, visit our Cortex Marketplace.

Don’t have Cortex XSOAR? Download our free Community Edition today to test out this playbook and hundreds more automations for common use cases you deal with daily in your security operations or SOC.