AscendCore
Back to Runbook Library
Identity Live in production

Password Reset

Automate password resets in Okta or Microsoft Entra ID directly from Slack and Microsoft Teams. Approval-required by default, with full audit trail.

Integrates with

Entra IDOkta

The problem

Password reset is the single highest-volume L1 IT helpdesk ticket category — typically 25-30% of all incoming requests in any mid-market organization. Each reset takes a senior engineer 15-20 minutes of routine work: read the ticket, verify identity, open Okta or Entra, click reset, notify the user. Multiply by hundreds of resets per week and the most expensive headcount in IT spends the workweek on the lowest-leverage work.

What AscendCore does

A user types "reset my password" in Microsoft Teams or Slack. AscendCore detects the intent, classifies it, and proposes a remediation against the user's actual identity provider. An IT admin reviews context — user identity, account status, IDP routing — and approves with one click. The reset executes, the user is notified back in chat, and the full audit trail is appended to the request log.

Workflow

  1. Detect — user message in Teams or Slack (natural language or /password-reset <email>)
  2. Classify — intent identified + target user resolved
  3. Propose — admin approval card with user context surfaced for review
  4. Approve — one-click human approval (always required by default)
  5. Execute — password reset against Okta or Entra ID via Graph or Okta API
  6. Verify — confirm reset succeeded; optionally require MFA setup on next login
  7. Notify — DM to the user with confirmation; full audit entry logged

Integrations

  • Okta — Account API for password lifecycle, factor management
  • Microsoft Entra ID — Graph API for password reset and conditional access policy
  • Microsoft Teams + Slack — Natural-language detection, approval cards, user notifications

Status

Live in production. Resolves real password reset requests against real Okta and Microsoft Entra ID tenants today, end-to-end, with full audit trail and idempotency protection.

Runbook source preview

Versioned, deterministic, auditable

Every runbook is defined as a versioned YAML manifest with explicit triggers, steps, and approval policies. The runbook itself is the audit-ready record of what AscendCore can and will do — chat is just the interface that triggers it.

name: password-reset
trigger:
  channels: [slack, teams]
  intents: [password_reset]
steps:
  - verify_identity:
      method: factor_challenge
      factors: [push, sms]
  - reset_password:
      provider: ${user.idp}
      require_mfa_setup_on_next_login: true
  - notify_user:
      channel: dm
      template: password-reset-success
approval:
  required: true
  approvers: [it-admins]
Ready to deploy

Run password reset from Teams or Slack today

AscendCore deploys in 48 hours for Slack + Okta or Teams + Entra stacks. See the first automated resolution the same day.

See plans & pricingBrowse all runbooks

More identity runbooks

Live

Access Role Change

Multi-system orchestrated role transitions for promotions, transfers, and contractor-to-FTE conversions. Five seed roles ship out of the box (support tiers, sales SDR/AE, engineering contractor/FTE/intern, HR generalist/manager); each transition produces a single approval card showing the full access diff and executes sequentially across Okta + Entra + Jira + M365 with per-step audit outcomes.

Read more
Live

Account Unlock

Automate Microsoft Entra ID and Okta account unlocks from Slack and Teams. Identity verification, approval-gated unlock, failed-login counter reset.

Read more
Live

Group Membership Management

Automate Microsoft Entra security group, M365 group, and distribution list membership changes from Slack and Teams. Name-resolved, approval-gated, idempotent.

Read more
AscendCore

AscendCore Team

Online · Ask us anything

AscendCore

Hi! Welcome to AscendCore. Ask us anything about how we automate your IT help desk — or just say hi.