Idea ID: 2875363

SSPR Should be able to communicate with local HaveIBeenPwned servers

Status: Under Consideration

Thanks for registering this. We are looking at making this a configurable option to allow the customer to point to another similar REST endpoint to check for the password breaches. 

See status update history


Since SSPR only supports external breach database it is hard to enable this option for quite a good amount of users. Companies do not always want to send their users credentials to external REST APIs even if they are encrypted. I suggest an option where you could connect SSPR to local DB or at leaset send REST calls to API by your own will.

With kind regards,

Sebastian Novak