Skip to main content

How to Disable Self-service Password Reset (SSPR) on the Credential Provider


Use this guide to disable the Self-service Password Reset (SSPR) feature that lets end-users reset or unlock their passwords or accounts without the assistance of the help desk or IT administrators.


WARNING: Once SSPR is disabled on the SecureAuth Credential Provider, it cannot be re-enabled unless the SecureAuth Credential Provider is re-installed. See SecureAuth Credential Provider Configuration Guide and refer to the Optional Credential Provider Preferences section for instructions on enabling the Self-service Password Reset feature.

Applies to

SecureAuth IdP Versions

SecureAuth Credential Provider Version

Windows OS Versions

8.0 - 9.1

SecureAuth Credential Provider 2.6.5 and later

Windows 7, 8.1 or 10 desktop (32-bit or 64-bit support)

Configuration Steps


The SSPR feature is disabled by removing the WorkflowLabel and WorkflowURL keys from the Windows machine registry. The result of these actions prevents the SSPR linkfrom appearing on the SecureAuth Credential Provider.

1. From Start on the Windows machine, type Run

2. Type regedit in the Run dialog

3. In the Registry Editor, navigate to HKEY_LOCAL_MACHINE > SOFTWARE > SecureAuth2FactorCP

4. Find WorkflowLabel and WorkflowURL and set the value of each to an empty string, or delete these entries

5. Save edits