The self-service capabilities here refer to the ability to manage group, users profile and passwords. These capabilities are helpful in reducing the cost and labor of the IT departments. It enhances the user experience and removes the unnecessary hassle of asking for permissions of the administrator. Self-service capabilities enable the users to manage the mentioned services without compromising the security of the systems. Everything happens within the policies set by the organization.
Let us say few people in an organization want to create one group where they can connect with each other for certain period of time. Usually, they will have to ask for the administrator to create a group for them. But in Azure active directory, one person can create a group and others can join the group without having to ask the administrator. Also, the group owner can handover the ownership of the group to someone else by himself.
Azure Active directory offers the services that lets the users (client’s employees or application users) to manage their password on their own. The end users can make a self- registration for password reset. Additionally, this service includes the resetting and changing the password by the end users.
Self-service capability policies are completely controlled by the administrators of Azure Active directory. They can configure the policies in accordance with their organizations policy. They can view the reports on end user password resets, change, etc. This way administrators can monitor the user’s activities for their account management, even after making them capable of self-service.
In order to use this service, organizations must subscribe to basic or premium version of Azure active directory. There is a detailed demonstration of self-service password reset and group management using Azure Active Directory in a separate chapter of this tutorial.