NOTE: This authentication module is available if the Identity Management Base Module is installed.
The authentication module is used for logging in to Password Reset Portal. It checks the passcode or the identity's answers to the password questions. If a passcode is used to log in, the passcode is deleted after a successful login.
Property | Description |
---|---|
Credentials | Central user account and passcode. - OR - Central user account and answers to the password questions. - OR - Target system user account and passcode. - OR - Target system user account and answers to password questions. |
Prerequisites | |
Set as default | No |
Single sign-on | No |
Front-end login allowed | No |
Web Portal login allowed | No |
Remarks | The application token for Password Reset Portal must be specified. You set the application token when installing Password Reset Portal. The application token is saved as a hash value in the database in the QER \| Person \| PasswordResetAuthenticator \| ApplicationToken parameter and stored encrypted in the web.config file. |
In the Designer, modify the following configuration parameters so that target system accounts can be used for logging in. If the configuration parameters are not set, the identity’s central user account is used.
Configuration parameter | Meaning |
---|---|
QER \| Person \| PasswordResetAuthenticator \| SearchTable | Table in the One Identity Manager schema which stores the user information. The table must contain a foreign key with the name UIDPerson (or CCC_UID_Person) that references the Person table. Example: ADSAccount |
QER \| Person \| PasswordResetAuthenticator \| SearchColumn | Pipe (\|) delimited list of columns from the One Identity Manager table (SearchTable) used to search for the user name of the logged in user. Example: CN\|SamAccountName NOTE: The QBMSplittedLookup table can be used as a lookup table. SplittedElement can be used as a search column. |
QER \| Person \| PasswordResetAuthenticator \| EnabledBy | Pipe (\|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) that enable the user account for login. |
QER \| Person \| PasswordResetAuthenticator \| DisabledBy | Pipe (\|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) that disable the user account for login. Example: AccountDisabled |
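The following added example models how the four parameters could combine to map a login name to an identity; it is not One Identity Manager code. The function names, the sample rows, the case-insensitive match, the rule that all EnabledBy columns must be true and no DisabledBy column may be true, and the rejection of ambiguous matches are assumptions made for illustration.

```python
# Added illustration: a model of the lookup the parameters describe,
# not One Identity Manager code. All rows below are constructed.

def split_list(value):
    """Parse a pipe-delimited parameter value into column names."""
    return [c.strip() for c in (value or "").split("|") if c.strip()]

def resolve_person(login, config, tables):
    """Return the UIDPerson that `login` maps to, or None (fail closed)."""
    table = config.get("SearchTable")
    if not table:
        # Parameters not set: match the identity's central user account.
        # Assumption: Person rows carry CentralAccount and UIDPerson keys.
        hits = {p["UIDPerson"] for p in tables["Person"]
                if p["CentralAccount"].lower() == login.lower()}
        return hits.pop() if len(hits) == 1 else None
    search = split_list(config.get("SearchColumn"))
    enabled_by = split_list(config.get("EnabledBy"))
    disabled_by = split_list(config.get("DisabledBy"))
    persons = set()
    for row in tables[table]:
        if not any(str(row.get(c, "")).lower() == login.lower() for c in search):
            continue
        # Assumption: every EnabledBy column must be true and no
        # DisabledBy column may be true for the account to qualify.
        if not all(row.get(c) for c in enabled_by):
            continue
        if any(row.get(c) for c in disabled_by):
            continue
        if row.get("UIDPerson"):
            persons.add(row["UIDPerson"])
    # A name that matches accounts of two identities is rejected.
    return persons.pop() if len(persons) == 1 else None

CONFIG = {"SearchTable": "ADSAccount", "SearchColumn": "CN|SamAccountName",
          "DisabledBy": "AccountDisabled"}
TABLES = {
    "Person": [{"UIDPerson": "p-001", "CentralAccount": "JDOE"}],
    "ADSAccount": [
        {"CN": "Jane Doe", "SamAccountName": "jdoe",
         "AccountDisabled": False, "UIDPerson": "p-001"},
        {"CN": "Old Svc", "SamAccountName": "svc-old",
         "AccountDisabled": True, "UIDPerson": "p-002"},
        {"CN": "Shared", "SamAccountName": "shared",
         "AccountDisabled": False, "UIDPerson": "p-003"},
        {"CN": "shared", "SamAccountName": "shared2",
         "AccountDisabled": False, "UIDPerson": "p-004"},
    ],
}
```

Because SearchColumn can list several columns, a value in one column can collide with a different account's value in another (here `shared`), so checking that the configured columns are unique across the search table is worth doing before enabling target system logins.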