Authenticate with Passcode
Authenticate with Passcode
Use this activity to allow users to use passcode for creating or updating Questions and Answers profile. Passcodes are assigned by helpdesk operators to users who have forgotten their passwords and at the same are not registered with Password Manager or have forgotten their answers to secret questions.
You do not need to configure any settings for this activity.
By default, this authentication activity is used in the I Have a Passcode workflow.
For more information on configuring settings for assigning passcodes, see Assign Passcode.
Action Activities
This section describes built-in activities that provide core actions of the self-service workflows, such as Reset password, Unlock account, etc.
Edit Q&A Profile
Edit Q&A Profile
This activity is a core activity of the My Questions and Answers Profile workflow. Use this activity to enable users to create and update their Questions and Answers profiles.
You can also use this activity in the Forgot My Password and Unlock My Account workflows, if you want to force users to update their Q&A profiles after they reset passwords or unlock their accounts. When you use this activity in the Forgot My Password and Unlock My Account workflows, select the Run this activity only if user’s Q&A profile should be updated check box to make users update their Q&A profiles only if the profiles are not compliant with the current requirements.
The activity has the following settings:
- Run this activity only if user’s Q&A profile should be updated. When you use this activity in workflows other than My Questions and Answers Profile, for example, in Forgot My Password and Unlock My Account workflows, select this check box to make users update their Q&A profiles only if the profiles are not compliant with the current Q&A policy.
Reset Password in AD LDS
Reset Password in AD LDS
This is a core activity of the Forgot My Password workflow. The activity allows users to reset passwords in AD LDS instances. If you want to enable users to reset passwords in several systems, configure the Reset password in AD LDS and connected systems activity. For more information on configuring this activity and using One Identity Quick Connect Sync Engine, see Reset Password in AD LDS and Connected Systems.
In this activity you can configure the Enforce password history option. Password history determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.
Before selecting this option, you should consider the following by-design behavior of Password Manager when that the Enforce password history option is enabled:
- Password Manager uses two slots from the password history every time a password is reset. For example, if the password history value defines that users cannot reuse any of the last 10 passwords, then Password Manager checks only the last five passwords. Therefore, it is advised that you double the password history value.
- Having entered a new password that is not policy compliant, users may end up with a randomly generated password they do not know.
The Use auto generated password option enables HelpDesk users to generate a new password during password reset process.
The Use manual password option enables HelpDesk users to reset the password manually.
