Overview Tab
Function: Allows checking the status of your Local Active Directory key if your district uses a Local AD integration.
Details: Includes which user generated the last key and the date it was generated.
Integration Requirement: Both key files are necessary to establish a connection between the Password Reset Assistant and Microsoft AD.
Instructions: For instructions on creating this link, refer to the Connecting the Password Reset App with Microsoft Active Directory help document.
Policies Tab
Function: Allows you to view, create, and manage the password reset policies for your site.
Creation: To create a new policy, click on Add Policy at the top right corner of the page.
Management: Edit, copy, and delete policies using the Edit and More options located on the right of any listed policies.
Reset History Tab
Function: Allows you to review all password resets initiated throughout your district.
Filtering: You can narrow down the history using filter options to search by:
The user the reset was for
The status
The user who performed the reset
Creating a Password Policy
To add a new policy, navigate to the Policies Tab and click Add Policy on the right side of the page, which opens sections.
Reset Policy
Policy Name: The name of your password policy that will appear in the policies list.
Reset token expiration (minutes): The duration a reset token remains valid after it is generated.
Password Complexity Requirements
This section controls the following:
Minimum length: Sets the minimum password length.
Must contain at least: Sets the types and counts of characters necessary for a password.
Password Complexity Instructions
Include instructions for the specific password requirements you have set.
Options
This section controls how the policy appears and how users can reset their passwords. You can enable multiple recovery methods.
Supported Password Recovery Methods
Set New Password Directly
Availability: Only available to users with access to the user profile (e.g., Admins, Agents).
Function: Allows users to manually reset their password directly from their profile page.
Recovery Questions
Availability: Only available to users for self-solve and password reset.
Function: Allows users to set and answer recovery questions when resetting their password.
Requirement: The "Users can initiate own password recovery" option must be enabled for users to reset their passwords using this method. This option is located under the Whose password can be reset section.
Emailed URL
Availability: Available for users to self-solve and for users with access to the user profile (e.g., Admins, Agents).
Function: Allows users to send an email containing a password reset link. This can only be sent to the email address stored in iiQ.
Text Message
Availability: Available for users to self-solve and for users with access to the user profile (e.g., Admins, Agents).
Function: Allows users to send a text to their stored phone number containing a password reset link.
Generate A Password Reset Code
Availability: Only available to users with access to the user profile (e.g., Admins, Agents).
Function: Allows users with the correct permissions to generate reset codes that can be used to reset their passwords from the login screen.
Requirement: The option for users to change their own passwords must be enabled when the Generate Reset Code acceptance method is enabled. This option is located under the Whose password can be reset section.
Login Providers
These options specify the system containing your primary user login data and the system to which the password reset request is routed.
Local (iiQ Only): Used for locally created accounts; all requests of this type should route to Local (iiQ Only).
Google SSO: Route requests through Google SSO directly or via the password connector app to Local AD.
Microsoft Azure SSO: Route requests through Azure SSO directly or via the password connector app to Local AD.
Authorizing the iiQ Password Reset App: To allow the iiQ Password Reset App access to Azure AD, you must add it to the Helpdesk administrator role:
In Azure AD, click Roles and administrators.
Search for Helpdesk administrator and click it.
Click Add assignments, search for 53491971-ebf5-499b-9540-b9d4dc2293cd.
Select Incident IQ - Password Assistant Integration and click Add.
Sources that route to Local AD (via password connectors app):
ClassLink SSO
Enboard SSO
Microsoft Active Directory
Microsoft Active Directory Federated Services
Rapid Identity SSO
When routing requests to an external system, you must identify the Incident IQ field used for user lookups and the field this should match against in your AD/SSO.
Recovery Questions Settings
Only appears if selected as a recovery method.
Number of questions that must be answered: Sets the required number of secret questions a user must answer during a password reset (must be less than or equal to the number of questions you create). This is a required field.
Alert Methods: Options to provide in-system prompts for users to set up their secret question answers:
Dashboard Widget: Displays a widget at the top of a user’s page.
Popup message on login: Displays a pop-up window when users log in.
Add: Button to add a new secret question (must be greater than or equal to the required number of questions).
Note: Questions and answers are saved when they are answered. To change them, the user will need to select new questions to answer.
Who Can Perform the Password Reset
You must specify who can perform and whose password can be reset. You may set up multiple profiles in this section.
Who can perform the password reset: Determines what users can perform a password reset (narrow by location, user role, user policies, or individual user).
Callout: The checkbox below, ‘Allow Users that Match the above setting,’ must be enabled if a user does not have the ‘Manage Location’ permission for a specific location.
Whose Password Can Be Reset
Determines what users can have their passwords reset using this policy (narrow by location, user role, user policies, or individual user).
Additional Options:
Users can change their own password: Has to be enabled if the acceptance method Generate Reset Code is enabled.
Users can initiate their own password recovery: Allows users to click Forgot Password on the login screen to access enabled recovery options (Recovery questions, Emailed URL, Text Message).
Additional Policy Options
Send password expiry emails: Sends an automatic email alert when passwords are about to expire, based on the Active Directory expiration date. If selected, specify how far in advance and how often the alert will go out.
Ticket Details Integration: Allows configuring which tickets, aside from Password Reset tickets, will display the password reset widget for agents and administrators. If you select "Notify all followers on ticket of password change success/failure," any follower on a ticket will be notified by email whether the reset succeeded or failed.
Password Reset for Students Through My Classes
You can allow teachers to reset students' passwords through My Classes by enabling the following settings:
Enable My Classes: Under Site Options, enable the My Classes feature. This allows teachers to access the feature on their dashboard.
2. Set Permissions: Navigate to the left-hand nav Admin > Permissions page. Select the desired permission policy.
3. Grant User Management: In the Users section of the policy, enable ‘Manage Users’ and ‘View Users List and Details’ permissions. This grants profile access to reset the password.
4. Assign Role to Policy: In your Password Assistance Policy, under the section "Who can perform the password reset," assign the role with permissions to access the student user profile.
Teacher Action Steps:
On the dashboard, select My Classes.
Select or search for the student.
Click on the student to access their user profile.
Scroll down to the Password Reset section and click Change Password.
Resetting Users’ Passwords
Resetting a user's password is based on the permissions set in the password policy.
Initiating a Reset:
Go to a user's profile page within iiQ.
Scroll down to the Password Reset section.
Click Change Password.
Acceptance Methods: (These methods are dependent on the settings in the password policy.)
Set a new password directly: Allows you to enter a new password for that user manually.
Review the complexity instructions for the password.
Note: You must inform the user of the new password; iiQ does not automatically send an email.
Email URL: Sends a password reset email to the user.
Set how long the link in the email should be valid.
This can only be sent to the email address stored in iiQ.
Text Message: Sends a text message to the user with the recovery link.
This method will only appear if the user has a phone associated with them.
Set how long the link should remain valid.
Generate A Password Reset Code: Generates a reset code that needs to be sent to the user.
User steps: The user goes to your district's iiQ login page and clicks Forgot Password. They enter their email address, then the password reset code, and can then reset their password directly.
Users Resetting Their Own Passwords Through iiQ
Users can self-solve and reset their own passwords through iiQ.
Prerequisite: The option "Users can initiate own password recovery" must be enabled under the "Whose password can be reset" section of the password policy.
User Action Steps:
Go to your district’s iiQ login page and click Reset your Password.
2. Enter their email address.
3. The available acceptance methods (dependent on policy settings) will display:
Recovery Questions: The user answers the prompted questions to reset their password. Note: This method only appears if the user has answered the recovery questions before attempting recovery.
Email URL: Sends an email to the user's email address (stored in iiQ) containing a password reset link.
Text Message: Sends a recovery link to the user's phone. Note: This method only appears if a phone is associated with the user.



























