In certain situations, Support may not be able to send the password reset email to an end user's primary email address. Instead, it will send a reset email to the end user’s secondary email address that directs them to contact your company directly so they can verify their identity and reset their Support password.

The email looks like this:

You need to verify your email address to reset your password. Contact [company name] at [email address] to fix this.

If this wasn't you, contact [company name] at [email address].

This may occur when the following criteria are met:

• Single sign-on (SSO) is disabled.

  If SSO is turned on, you can't send password-reset links to end users.

• The end user’s primary email address is undeliverable.
• The end user has a secondary email address.
• The end user submitted a request via email to reset their primary email address.

After the end user receives the reset email, you and the end user need to complete these steps:

1. The end user verifies their secondary email address or changes their primary email address.
2. An agent manually resets the end user’s password or updates their email address on file.

   Resetting passwords for end users is different from setting passwords for users. Even if admins don't have permission to set passwords for users, they can still send end users password reset emails.

Zendesk recommends that you not activate the option for admins to manually set passwords for security reasons. It prevents hackers from using social engineering techniques to deceive well-meaning people into providing confidential information.

For example, one technique used by hackers is to repeatedly call or spoof-email a support center posing as a frustrated customer who forgot their password and is unable to recover it, and persisting until an agent has no choice but to change the password manually for the irate customer. Once the password is changed, the hacker has access to confidential information.

Rather than allow admins to set passwords for users, it is best to allow users to leverage user registration, change password and forgot password flows to manage their own passwords so admins never have access to a user's password.

Account owners can allow admins to set passwords for users. Remember, Zendesk recommends that you not activate this option for security reasons. You must be an account owner to allow admins to set passwords.

To allow admins to set passwords for users

1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
2. On the Passwords tab, select Enable admins to set passwords.

   You must be the account owner to see this setting.

3. Click Save.

   When the admins sets passwords for users, users receive an email letting them know the administrator has set their password.

If allowed by the account owner, admins can manually set passwords for users.

You can also set user passwords through the API (see Set a User's Password in the developer docs).

To set a team member's password

1. In Admin Center, click People in the sidebar, then select Team > Team members.
2. Find the agent's name, click the options menu icon () on that row, and select Manage in Support.
3. On the user's profile page, click the Security Settings tab and click Set in the Password section.
4. Enter a new password for the user.
5. Click Save.