Password Reset Flow - brightcone/bart GitHub Wiki
1. Introduction
This report outlines the proposed password reset functionality for BART's internal help desk chatbot. The objective is to streamline and enhance the current password reset processes for various services, including AD, Maximo, and Employee Connect, while integrating advanced verification methods.
2. Current Password Reset Process
2.1. Overview
Currently, BART’s help desk team handles password resets through multiple methods, including in-person requests, phone calls, and self-service tickets. The process varies depending on the service for which the password needs to be reset.
2.2. Service-Specific Processes
Active Directory (AD) Passwords:
- Process: Help desk staff use OneLogin’s console to look up users, verify employee IDs, and reset passwords. Verification is conducted via video calls (Teams or FaceTime) for remote users, or through a supervisor for on-site users. If verification fails, the password is sent directly to the supervisor via email.
- Verification: Video verification is mandatory and includes matching the badge photo with the person on the video call.
Maximo Passwords:
- Process: Help desk staff ask for the employee ID and reset the password on the backend. Passwords are then communicated to users directly. Currently, there is no self-service option.
Employee Connect Passwords:
- Process: Similar to AD and Maximo, with manual resets and verification as needed.
2.3. Verification Methods
Video Verification: Utilized through Teams or FaceTime for remote users. In the absence of these tools, verification is handled through the supervisor.
3. Proposed Improvements
3.1. Integrated Video Verification
The proposed chatbot will incorporate an integrated video verification method, allowing users to authenticate themselves directly through the chatbot interface. This enhancement aims to streamline the verification process and reduce reliance on external tools like Teams and FaceTime.
3.2. Automated Password Reset for Maximo
For Maximo, the chatbot will be designed to automatically create a ticket for password reset requests. This will replace the current manual process, providing a more efficient and user-friendly experience.
3.3. Enhanced Password Reset Flow
The proposed password reset functionality will follow this flow:
- Password Reset Request: Users initiate a request for password reset through the chatbot.
- Service Selection: The chatbot prompts the user to select the service for which they need a password reset (e.g., Employee Portal, Email).
- User Identification: Users provide their username or email address associated with the selected service.
- User Input Verification: The system verifies the provided username or email address.
- OTP Generation and Delivery: Upon successful verification, an OTP is generated and sent to the user’s registered email address. This OTP is required to complete the password reset process.
For visual aids illustrating this flow, please refer to the Figma designs.
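The user input verification and OTP steps above can be sketched as follows. This is an added example, not code from the BART project: the `OtpStore` class, the sample directory, the in-memory `outbox` standing in for email delivery, the 5-minute validity window and the 5-attempt limit are all assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window (not specified on the page)
MAX_ATTEMPTS = 5       # assumed number of wrong guesses allowed per OTP

# Constructed sample directory: (service, username) -> registered email.
DIRECTORY = {("maximo", "jdoe"): "jdoe@example.org"}


class OtpStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # key -> [salt, digest, expires_at, attempts_left]
        self.outbox = []    # stands in for the email sender

    @staticmethod
    def _digest(salt, otp):
        return hashlib.sha256(salt + otp.encode()).digest()

    def request_reset(self, service, username):
        """User identification, input verification, OTP generation and delivery."""
        key = (service.lower(), username.lower())
        email = DIRECTORY.get(key)
        if email is not None:
            otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
            salt = secrets.token_bytes(16)
            # Keep only a salted digest so the code itself is not held in the store.
            self._pending[key] = [salt, self._digest(salt, otp),
                                  self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
            self.outbox.append((email, otp))
        # Same reply for known and unknown users, so the bot does not confirm accounts.
        return "If the account exists, a code was sent to its registered email."

    def verify(self, service, username, otp):
        key = (service.lower(), username.lower())
        entry = self._pending.get(key)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[key]  # expired or locked out: a new request is needed
            return False
        if hmac.compare_digest(digest, self._digest(salt, otp)):
            del self._pending[key]  # single use
            return True
        entry[3] -= 1               # count the wrong guess
        return False
```

A new request for the same service and username overwrites the pending entry, so only the most recently issued OTP is accepted.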
4. Future Features
4.1. Video Verification Integration
Future enhancements will include an advanced video verification method within the chatbot, allowing users to authenticate themselves without relying on external platforms. This will ensure a seamless and secure verification process.