https://github.com/generalbots/azureadpasswordreset.gbapp
Custom General Bot App (.gbapp) for resetting a user password in Azure Active Directory, Office 365, Dynamics 365 or any app published through Azure AD. Navigate to the BotServer repository for more information:
active-directory bot bot-framework-v4 botbuilder facebook-messenger general-bots general-bots-application reset-password skype virtual-assistant whatsapp
- Host: GitHub
- URL: https://github.com/generalbots/azureadpasswordreset.gbapp
- Owner: GeneralBots
- Created: 2018-07-27T16:46:10.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2024-05-16T14:34:37.000Z (about 1 year ago)
- Last Synced: 2025-03-28T01:46:19.826Z (about 2 months ago)
- Topics: active-directory, bot, bot-framework-v4, botbuilder, facebook-messenger, general-bots, general-bots-application, reset-password, skype, virtual-assistant, whatsapp
- Language: TypeScript
- Homepage: https://github.com/pragmatismo-io/BotServer
- Size: 8.21 MB
- Stars: 8
- Watchers: 1
- Forks: 3
- Open Issues: 8
Metadata Files:
- Readme: README.md
# UPDATE 2021-04-13
There is a new alternative to Directory.AccessAsUser.All: Microsoft released the new UserAuthenticationMethod.ReadWrite.All permission (https://docs.microsoft.com/pt-br/graph/api/passwordauthenticationmethod-resetpassword?view=graph-rest-beta&tabs=http).

*This is a General Bots open core package, more information can be found on the [BotServer](https://github.com/pragmatismo-io/BotServer) repository.*
MSDN article **[Applied AI – Using a Bot for Password Reset](https://blogs.msdn.microsoft.com/buckwoody/2018/09/25/applied-ai-using-a-bot-for-password-reset)** by *Rodrigo Souza*.
# AzureADPasswordReset.gbapp
Custom dialogs for resetting a user password in Azure Active Directory, Office 365, Dynamics 365 or any app published through Azure AD. See also [IntranetBotQuickStart.gbai](https://github.com/pragmatismo-io/IntranetBotQuickStart.gbai).

## Bot Administrator - Setup Security
The bot provides an **admin** mode in which a user who holds the Directory.AccessAsUser.All permission logs on to the administrative interface so that their token can be obtained and saved to the database.

## Bot User - Reset Password
With the access token stored in the database, any user can access the bot anonymously and, through a combination of e-mail and a code received on their mobile phone, reset her or his password.

### Reset password via Web
Any user can use a web address to talk to a reset password bot. The user provides credentials, which are checked against Microsoft Graph to ensure security.

general-bots-reset-ad-password.gif
### Reset password via Skype
This covers the case where users do not have the password needed to log in to Skype for Business or Teams and need to reset it; the right tool is then Skype.
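
In the flow described in this section, the e-mail plus SMS code step is the only check between an anonymous chat user and the stored administrative token. The following is an added example of what that check needs to enforce, not code from this package; `ResetCodeGate`, the five-minute lifetime and the three-attempt limit are assumptions chosen for illustration.

```typescript
import { createHash, randomInt, timingSafeEqual } from "node:crypto";

// Hypothetical names and limits; not taken from the .gbapp source.
const CODE_TTL_MS = 5 * 60 * 1000; // assumed validity window for a code
const MAX_ATTEMPTS = 3;            // assumed guess budget per issued code

interface Challenge { digest: Uint8Array; expiresAt: number; attemptsLeft: number; }
type Verdict = "ok" | "mismatch" | "expired" | "locked" | "unknown";

const normalize = (email: string): string => email.trim().toLowerCase();
// Fixed-length digest so timingSafeEqual never receives inputs of unequal length.
const digestOf = (email: string, code: string): Uint8Array =>
  createHash("sha256").update(`${email}\n${code}`).digest();

class ResetCodeGate {
  private pending = new Map<string, Challenge>();

  // Issue a fresh 6-digit code from the CSPRNG; an earlier code is replaced.
  issue(email: string, now: number = Date.now()): string {
    const key = normalize(email);
    const code = randomInt(0, 1000000).toString().padStart(6, "0");
    this.pending.set(key, {
      digest: digestOf(key, code),
      expiresAt: now + CODE_TTL_MS,
      attemptsLeft: MAX_ATTEMPTS,
    });
    return code; // goes to the SMS sender only, never back into the chat
  }

  // Returns "ok" at most once per issued code. Verdicts are for server-side
  // logging; the chat reply should be identical for every failure.
  verify(email: string, code: string, now: number = Date.now()): Verdict {
    const key = normalize(email);
    const ch = this.pending.get(key);
    if (!ch) return "unknown";
    if (now > ch.expiresAt) { this.pending.delete(key); return "expired"; }
    ch.attemptsLeft -= 1; // charge the attempt before comparing
    const match = timingSafeEqual(ch.digest, digestOf(key, code));
    if (match) { this.pending.delete(key); return "ok"; }
    if (ch.attemptsLeft <= 0) { this.pending.delete(key); return "locked"; }
    return "mismatch";
  }
}
```

Only an `"ok"` verdict should allow the bot to use the stored token for a Microsoft Graph call, and each issue and verdict is worth logging with the target account for later review.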

## References
1. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api
2. https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_update
3. https://stackoverflow.com/questions/43625460/change-password-for-azure-ad-using-microsoft-graph
4. https://stackoverflow.com/questions/44313884/insufficient-privileges-for-password-reset

## License & Warranty
General Bots Copyright (c) pragmatismo.cloud. All rights reserved.
Licensed under the AGPL-3.0.
According to our dual licensing model, this program can be used either
under the terms of the GNU Affero General Public License, version 3,
or under a proprietary license.
The texts of the GNU Affero General Public License with an additional
permission and of our proprietary license can be found at and
in the LICENSE file you have received along with this program.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
"General Bot" is a registered trademark of pragmatismo.cloud.
The licensing of the program under the AGPLv3 does not imply a
trademark license. Therefore any rights, title and interest in
our trademarks remain entirely with us.

## DISCLAIMER
**THIS IS AN EXPERIMENTAL [.GBAPP](https://github.com/pragmatismo-io/BotServer#gbapp) PACKAGE - USE IT AT YOUR OWN RISK.**
According to Dan Kershaw - MSFT, the only way to reset a user's password programmatically is to use changePassword (Microsoft Graph) within a user context that has the Directory.AccessAsUser.All permission.
This solution provides an administrative bot session which allows an administrator with sufficient privileges to generate a token and persist it to the bot database. Once that initial administrative setup is done, any user can talk to the bot to reset their password by providing their e-mail and confirming an SMS code received on the mobile phone registered in their Azure AD profile.
Also, he notes: "**(...)This is a very dangerous thing to allow an app to do, without a signed-in user being present, which is why we don't offer it(...)**"
[Dan Kershaw – MSFT](https://stackoverflow.com/questions/44313884/insufficient-privileges-for-password-reset)
>Change Password - in Microsoft Graph (although not documented) you'll find the "changePassword" method on user - ../users/{id}/changePassword, which takes the old password and a new password. This API works ONLY for the signed-in user (so it requires the delegated OAuth2 code flow). It requires an admin to consent for Directory.AccessAsUser.All (although we are looking at adding a more granular permission).