Getting Started

• What is the Self Service Password Reset service?

  Self Service Password Reset is a self service password and authentication method management option that is available to all Lilly workers and contingent workers. The portal is externally facing and replaces the ability of the Service Desk to reset passwords.

• What is Multi-factor Authentication (MFA)?

  Multi-factor authentication (MFA), sometimes called two-factor authentication (2FA), is a security system that requires more than one method of authentication. MFA allows you to authenticate from various devices and/or methods.

• What languages does Self Service Password Reset support?

  Self Service Password Reset supports the following languages if you have the language selected in your browser or device:

  English, Spanish (Latin America), French, German, Italian, Portuguese (Brazil), Turkish, Simplified Chinese, Japanese, and Korean

  Additional languages may be supported by the underlying Azure AD service supporting authentication methods and password reset.

• What authentication methods are supported for Self Service Password Reset?

  The following methods can be used to perform a self-service password reset:

  • Microsoft Authenticator app notification
  • Microsoft Authenticator app one-time code
  • Mobile phone (SMS text or voice call)
  • Office phone (voice call)
  • Security questions

• What authentication methods are supported for MFA?

  Some multi-factor authentication methods are more secure than others. None of these methods can be used to reset your password, but most replace the need to use a password. To find the best option for your needs, continue below:

  Good Option (least secure but still supported)

  Microsoft Authenticator with Push Notification

  1. Supported on iOS, iPadOS, and Android mobile devices
  2. Primarily used to approve authentication using a password and push notification

  Better Options (more secure)

  Microsoft Authenticator Passwordless Phone Sign-In

  1. Recommended sign-in option for Lilly-provided macOS computers, iPhones, and iPads.
  2. Ideal for contingent workers using their own company-provided business computers and Lilly employees using personal computers at home.

  Best Options (most secure)

  Windows Hello for Business

  1. Utilizes a PIN or biometric gestures (face or fingerprint)
  2. Recommended sign-on option for Lilly-provided personal Windows computers

  FIDO2 Security Key

  1. Can be used instead of a mobile device, and works on USB and NFC-capable devices
  2. Any Lilly worker can order a YubiKey 5 FIPS series security key at this link
  3. Follow the provided instructions to set up your security key once received.

  Microsoft Authenticator Passkey

  1. Uses a mobile device and creates a non-transferrable authentication method using Microsoft Authenticator
  2. Utilizes biometrics and proximity by detecting if Bluetooth is enabled
  3. Follow the provided instructions to set up a passkey here.

• Is MFA required to access Lilly applications?

  All Lilly business accounts will be required to perform MFA to access most applications by the end of 2025.

  For Personal Privilege Accounts, device compliance and MFA are mandatory. We will also allow authentications via Privileged Session Manager and Citrix.

• Can I delete the PingID app from my device?

  Not all applications have migrated from the PingFederate platform to Azure AD for federation. The PingID app will still be required for these applications.

General

• What are the available URLs for password management at Lilly?

  Password management at Lilly is currently branded as Self Service Password Reset (SSPR). Therefore, the primary URL is https://sspr.lilly.com. However, we also established https://password.lilly.com as a vanity URL so either one will work.

• How do I obtain support if I am having an issue?

  Please review these Frequently Asked Questions and/or the available Job Aids for assistance.

  If you don't see your question addressed, we encourage you to post it to the Adopting Identity Services community on Viva Engage.

  For technical assistance not addressed in the FAQs or Job Aids, please contact the appropriate Lilly IT Service Desk for your region to open an incident and have it assigned to the MFA-SUPP-GLB queue for assistance.

• What should I do if I receive a Bitlocker Recovery screen while attempting to start my device?

  If you receive a Bitlocker Recovery screen while starting your device, you will need to request a recovery key by following the instructions in this Bitlocker Self-Recovery Article.

• How can I avoid a possible account lockout problem?

  We recommend monitoring your email for notifications that your Lilly account password is about to expire and complete the steps to reset your password.

  If you have a Lilly-provided computer, we recommend you change your password from your Lilly computer before it expires by following these steps:

  1. Press Ctrl+Alt+Delete.
  2. Select CHANGE PASSWORD.
  3. Enter Old password, Create new password, and Confirm new password.
  4. Select Submit.

• When trying to reset my password, I receive the message "Please enable cookies in your browser". How can I correct this issue?

  Please ensure the "Block third-party cookies" setting is disabled.

  On Microsoft Edge, this setting can be found in Settings under "Cookies and site permissions" and select "Manage and delete cookies and site data".

• I have my sign-in methods registered. Why was I just prompted with "Your organization needs more information" and routed to verify my authentication information?

  To ensure data accuracy, you will be asked to re-confirm your registered authentication methods every 180 days.

• What should I do if the organization I work for also uses Office 365?

  You will need to use a private browser session to prevent your company credentials from being used or create a separate profile so the browser can remember that you have logged on to Lilly.

  To open a private browser session, do the following:

  • On an Edge browser select the three dots in the upper right corner, then select New InPrivate window.
  • On a Chrome browser select the three dots in the upper right corner, then select New Incognito window.

  To create a separate profile, do the following:

  • On an Edge browser select the three dots in the upper right corner, then select Settings, then select + Add profile.
  • On a Chrome browser select the person icon in the upper right corner, then select + Add."

Passwords

• How do I change my password?

  Please follow the instructions in the How to Change your Password job aid.

• Can I still use Ctrl+Alt+Delete to change my password?

  Yes. This feature is available on Lilly-provided Windows computers. Once you enter Ctrl+Alt+Delete you will select Change a Password which will redirect you to change your account password directly from your Security info page. This is the preferred method for Windows.

• When I change or reset my password, which account is changed or reset?

  Self Service Password Reset will only change or reset the password for your standard user account associated with your Username/Email Address (Lilly System ID). If you access other applications that do not use the Lilly Single Sign-on Service, your account password cannot be changed via the SSPR site.

• How do I help my employee change their password?

  For step-by-step instructions on how to authenticate an employee or contingent worker, follow the instructions in this article.

  Workers should attempt to reset their own password before this process is used.

Microsoft Authenticator

• What kinds of mobile devices are supported for Microsoft Authenticator?

  Microsoft Authenticator is supported on iPhones, iPads, and Android for MFA using push notifications or passkeys. Phones manufactured by Huawei or devices that do not connect to the Apple App store or Google Play store may not be supported.

  Employees and Contingent Workers with iOS or Android mobile devices can configure Microsoft Authenticator for passwordless authentication using the guide found on the Discovering IT portal. Additionally, a passkey can be setup by following the guide here

• How many devices can be registered to use Microsoft Authenticator?

  Users can register up to five authenticator apps, including Microsoft Authenticator, at a time.

Security Keys

• Are security keys supported for MFA or SSPR?

  Security keys provided by Lilly after March 2023 (YubiKey 5 and YubiKey Bio devices) are supported as a FIDO2 passwordless sign-in method. They can be used to sign in to any application using Lilly Single Sign-on, including Microsoft Office 365. Follow this job aid to set up and begin using your FIDO2 Security Key.

  Security keys cannot be used directly for self-service password reset. A different sign-in method for this purpose, such as Microsoft Authenticator is required. But they can be used to change your password at My Sign-Ins (Microsoft.com).

Security Questions

• Who has access to my security questions and answers?

  Security questions and answers are stored privately and securely within the directory. Security questions and answers are not able to be read or modified by other users.

• Are security answers case sensitive? What are other requirements of security answers?

  Yes, answers to security questions are case sensitive.

  Answers to security questions must be at least three (3) and at most forty (40) characters in length. Any valid Unicode character may be used in an answer.

  The same answer cannot be provided to more than one security question.

• What is the acceptable date format for security answers?

  There is no mandatory format for dates in security answers. It is recommended to use a consistent format such as DD-MMM-YYYY (e.g., 01-JAN-2017) to ease answering the question during a password reset.

• How many security questions are required for registration? How many questions are required to be answered for a password reset?

  Security questions are an optional authentication method to use for Self Service Password Reset.

  If selected for registration, you will be required to register five (5) security questions and answers.

  When used for password reset, you will be required to successfully answer three (3) of your five (5) registered questions.

• What if I forgot the answers to my security questions and cannot reset my password?

  You will need to contact your Lilly manager or sponsor who will need to verify your identity using the instructions in the How to Authenticate a User process.

Personal Privileged Accounts (PPAs)

• What are the differences for MFA and SSPR between a standard account and a PPA?

  The user authentication experience will be largely the same when comparing standard user accounts and PPAs. Certain authentication methods may be restricted from PPAs. Current restricted methods include:

  Phone-based passwordless. Phone-based passwordless can be configured for multiple accounts. Note, the Microsoft Authenticator app can still be used for MFA (via push notification or one-time passwords) for multiple accounts on the same device.

  PPAs cannot use SSPR, as PPA passwords are managed in CyberArk.