Forum Discussion
Christinem12345
Feb 17, 2025 | Copper Contributor
Questions on Implementing Forced Password Resets Using Sentinel Playbooks
Hello! I am working on automating a forced password reset at the next login using Sentinel playbooks. I have a couple of questions and would love some help with this: How can I set this up so that...
Christinem12345
Feb 20, 2025 | Copper Contributor
Hello luchete,
I noticed that the automation sends notifications to the manager. Could you provide directions and examples for creating a conditional policy or script that prompts users to change their password the next time they log in? Should this be implemented in Sentinel?
Regarding Entra ID conditional access or security policies, how can these be integrated into Sentinel? Also, do you have examples of conditional access policies or security policies for resetting the password at next login? My initial idea was to handle the password reset through Entra, but I couldn't find instructions on how to connect it to Sentinel and have it triggered via a playbook.
Thank you!
luchete
Feb 20, 2025 | Steel Contributor
In Entra ID you can set up a conditional access policy that forces users to reset their password on the next sign-in. Unfortunately, this isn’t something that can be directly implemented via Sentinel, but you can trigger an automation playbook in Sentinel to respond to certain alerts or events (e.g., suspicious login activity) and initiate the password reset process through Entra ID.
To integrate Entra ID with Sentinel, you'd need to ensure that your Sentinel environment is set up to monitor and alert based on specific Entra ID events. From there, you can trigger a playbook to take actions such as invoking a password reset through Entra’s API.
For creating conditional access policies for password resets, here’s a simplified outline:
In Entra ID, create a policy to require a password reset under conditions such as after a certain event or risk level is detected. You can configure this policy to work alongside Sentinel by making Sentinel alerts trigger actions like this.
Regards!
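As an added example that is not part of the original thread or any poster's code: a sketch of the playbook step the reply describes, taking the account entities from a Sentinel incident and building the Microsoft Graph call that flags each user to change their password at next sign-in. The entity field names follow the Sentinel REST API Account entity and are an assumption about the playbook's input; the sample entities are constructed, and acquiring a token with permission to update the user's `passwordProfile` is assumed to happen elsewhere.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample: incident entities shaped like the Sentinel REST API
# Account entity (kind/properties field names are an assumption here).
SAMPLE_ENTITIES = [
    {"kind": "Account", "properties": {"aadUserId": "11111111-2222-3333-4444-555555555555",
                                       "accountName": "alice", "upnSuffix": "contoso.example"}},
    {"kind": "Account", "properties": {"accountName": "bob", "upnSuffix": "contoso.example"}},
    {"kind": "Ip", "properties": {"address": "203.0.113.7"}},
    {"kind": "Account", "properties": {"accountName": "svc-local"}},  # no cloud identity
]

def account_ids(entities):
    """Return one Graph user key (object ID, else UPN) per cloud account entity."""
    keys = set()
    for entity in entities:
        if entity.get("kind") != "Account":
            continue
        props = entity.get("properties", {})
        if props.get("aadUserId"):
            keys.add(props["aadUserId"])
        elif props.get("accountName") and props.get("upnSuffix"):
            keys.add(f'{props["accountName"]}@{props["upnSuffix"]}')
        # Accounts with neither are skipped: there is no Entra user to update.
    return sorted(keys)

def build_reset_request(user_key, token):
    """Build the Graph PATCH that flags the user to change password at next sign-in."""
    body = {"passwordProfile": {"forceChangePasswordNextSignIn": True}}
    # Guest UPNs contain '#', which must be percent-encoded in the URL path.
    url = f"{GRAPH}/users/{urllib.parse.quote(user_key, safe='@')}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def send(request):
    """Send the request; Graph answers 204 No Content on success."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    for key in account_ids(SAMPLE_ENTITIES):  # dry run: print, do not send
        req = build_reset_request(key, "<access-token>")
        print(req.get_method(), req.full_url, req.data.decode())
```

In a Logic Apps playbook the same PATCH would be an HTTP action authenticated with the playbook's managed identity; the dry run above only prints what would be sent.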