SharePoint password expiration: that alone is often enough to make chills run down the back of a typical IT administrator. Regardless of the environment, SharePoint remains a popular choice for many organizations. Reasons vary, of course, but the fact remains that SharePoint shows up just about everywhere, even today. That’s not to say that everything with SharePoint is perfect: simply do a Google Search for “SharePoint Sucks” and you’re likely to see nearly 600,000 results. One of the biggest issues from both technical and User Experience (UX) standpoints is the way in which SharePoint password expiration is handled. In fact, this is a prime example of why User Interface (UI) is such an important consideration for modern IT solutions.
Why SharePoint Password Expiration Matters
After all, that’s the question, isn’t it? It has a relatively simply answer, too: SharePoint password expiration matters because UX is extremely important in modern IT. It’s not just marketing and web design that benefit from a strong UX. When the user has a beneficial experience, it helps to build trust, loyalty, and continued use. This can translate to business, productivity, or even something as simple and powerful as a friendly referral.
SharePoint password expiration is a prime example of UX gone wrong. You would be forgiven for thinking that something as popular as SharePoint has such an obvious flaw that persists into the current versions, but that happens to be the case. SharePoint password expiration is a nightmare for end-users, plain and simple – and it all has to do with the way in which SharePoint handles authentication.
SharePoint doesn’t actually handle authentication itself, it relies on basic claims-based authentication, typically handled by the local directory (usually AD). When a user’s password expires and she/he attempts to access SharePoint, there is no legitimate notification. Out-of-the-box SharePoint simply denies access when a user attempts to login with an expired password – no warning is given, and no detailed reason is provided for why the authentication failed. Not only is this annoying, it is can be mind-numbingly frustrating for an end-user, especially when access is needed in a timely manner.
So, what do you do?
As is expected, Microsoft does have its own series of techniques for dealing with SharePoint password expiration from the administrative side of things. The most obvious method would be to send users an e-mail notification announcing the impending password expiration - but even this solution comes with its own host of potential issues. For example, when scheduling automatic e-mail reminders, a host of considerations must be made:
- Does the e-mail notify the end-user or an administrator?
- Was the e-mail received by the end user?
- Did the end-user ignore the notification?
- Was the e-mail lost to the Spam folder?
- How many e-mails are being sent?
- Large population of end-users means potentially high e-mail traffic/storage that needs to be handled.
- Can the user reset the password on his/her own or does an admin need to be involved?
- And many more...
The list goes on and on. On the surface, this solution may solve some issues with SharePoint password expiration, but e-mail reminders often simply add to the issues of password fatigue that the average end-user already suffers from. The rest of SharePoint's built in solutions provide little extra relief - primarily involving manual involvement from an administrator to function as expected. Not only does this waste time that could be spent on more important tasks or projects, but it does little to improve the UX of your integrated SharePoint portal.
Identity Providers and SharePoint Password Expiration
With the prevalence of identity management on everyone's minds these days, you've probably already heard about Identity Providers (IdPs) before. The concept is simple enough: and IdP is a solution that manages authentication and authorization within a given environment. These can typically be used for internal access, external access, or a combination of both.
So what does this mean for SharePoint password expiration? It takes the weight off of the administrative side of things and provides much needed self-service options to end-users - increasing productivity and usability while improving the UX of your digital environment. More specifically, a properly configured Identity Provider handles the authentication and authorization for SharePoint directly - letting users know exactly when their password will expire, why they were denied access, and how they can reset their password or even unlock the account. The IdP provides all of this functionality, keeping help desk calls to a minimum and both productivity and access at a welcoming high.
Whether or not you think SharePoint sucks, you are almost guaranteed to use it in one way or another. It has its ups and downs, sure, but the negatives don't have to ruin the experience or put your IT department on edge for 8 hours a day. If SharePoint password expiration and other woes are bringing down your IT department and your end users, it might be time to look for a solution to help make that pain go away.