About the Client

A global biopharmaceutical company wanted to provide its field sales
reps with fast, easy, and secure way to reset their passwords that
didn’t require VPN access.

Challenge

• Lengthy password reset process
• Complex password reset questions
• Inability to verify end-user identity
• Internet or VPN access required

A global biopharma company’s busy field teams were losing time to a
complex password process. Due the organization’s security protocols, if
a rep mistyped their password, they’d be locked out of the account
and need to answer complex security questions or log in through their
VPN to reset their passwords. However, the challenge was the reps
often didn’t remember their security questions or didn’t have access to
their VPNs in the field and would have to call IT for help.

The field teams and IT support both needed a seamless, secure
process to facilitate password reset with an intuitive end-user
experience.

Strategy & Solution

• Secure mobile password reset option
• No VPN access required

Ciberspring developed a system for the client’s field reps to easily reset
their passwords via text message, providing an alternative for reps
without VPN access. Built with Okta’s single sign-on (SSO)
credentialling capabilities, Twilio SMS messaging functionality, and
integrated via MuleSoft, the system made it easy to reset passwords.

To submit a password reset request, a sales rep uses a mobile app to
share their phone number. Next, a text message that contains a
custom URL and six-digit code is sent to the sales rep’s smartphone.
Once the rep validates their identity, they can move forward in the
password reset process. No VPN access required.

For added security, a sales rep’s password reset request times out if a

certain amount of time passes between when a custom URL and six-
digit code are sent to their smartphone and when this information is

used. At that point, the system generates a service ticket and provides
the ticket number to the users so they can manually follow up with
their support team and get a password reset that way. Contacting
support becomes a last resort for reps, rather than first step.

Results

• Fast, easy password reset
• Mobile password management

Busy field reps can now reset their passwords with ease and
completely securely. A process that previously required VPN access
and/or a phone call with IT is now completely self-service via text
messages and can be accomplished with a few finger taps.
Furthermore, the MuleSoft APIs written for this project are reusable,
allowing the client to connect Okta to other applications in the future
without rewriting the integration’s code.

Going forward, the client is planning to implement this password
process across other departments to ensure easy and secure
password management across other teams.