Resetting password as software company staff admin (not user admin)
I'm building a tool for users to manage their account which includes user licenses and admin levels for teams (think like Adobe Cloud), but also an admin for our staff tech fix account issues. On the user side I've designed a single sign on which includes a reset password mechanism with a temporary link that is submitted via email and expires in 7 days, which directs the user to a form and re-create a new password:
However, tech support still needs to reset password for the user possibly in two cases: -The user can't receive the email because the system has a bug on his email is not working properly
Historically admins on tech support were able to reset the password for the user and used a input field (making the change for the user and giving through the phone). It looks like typing the password was never used or worked for them (I have no more details than a single line description).
1-the first solution was to generate the link (the same SSO creates) however triggered on the tech support admin console, so working the same way and going to the same email. But a could occur that the admin will send the same email again to the user and the user would not receive anything because his email is going to spam box or being filtered by a company email. I thought about a possible solution to include the generated link in side the tech support admin console, so as last resort the admin will send via phone or to another email (in extreme cases that requires urgency after the user is verified). Is there any other option than this? thoughts on this solution?
Note: client audience is technical and niche, so security is NOT a huge issue.