What is the purpose of this guide?

Does a customer, internal policy, or preference dictate that you need to retain passwords or require mandatory password rotation for employees in your Trusona passwordless environment?  If so, users may forget their passwords because they no longer use them to login. This guide provides solutions to securely manage passwords in the rare case that they are required in a Trusona's passwordless environment.

Requirements:

1. Admin access to the Trusona Dashboard

2. Admin access to your identity provider (Okta, OneLogin, Active Directory, etc.)

3. Installed Trusona passwordless MFA solution

4. Passwords in your passsworldess environment that users are required to reset even though they do not use them to authenticate. 

Solution #1:

Store user password in Keeper's password manager with Trusona's passwordless authentication as the master password. Users can secure their credentials without passwords and easily access their password when mandatory rotation dictates. Users can retain access to their Okta, OneLogin, Active Directory, or other passwords, as well as store non-SAML/OIDC application credentials, without the need to remember any passwords. 

Please follow Trusona's Passwordless MFA for Keeper guide to secure your environment today! 

Please see Keeper-Trusona SSO Connect Cloud documentation for further information. 

Solution #2:

As the admin, use a batch task to manually reset all user passwords without requiring users to sign in in your identity provider (Okta, OneLogin, Active Directory, etc.) Users can reset passwords via their recovery email in the event that users need to login using credentials or personally reset their passwords.

Please reach out to support@trusona.com if you have any questions, concerns, or feedback.