Authentication on the Password Reset Portal differs from authentication on the Web Portal. Users can log in to Password Reset Portal using the following options:
Detailed information about this topic
NOTE: This step is only required if you are using the ImxClient command line tool to host an API Server locally. For more information about the ImxClient command line tool, see the One Identity Manager API Development Guide.
Users can use the passcode they received from their manager to log in to the Password Reset Portal.
To configure login with a passcode
-
In the API Server's installation directory, open the imxclient.exe.config file.
NOTE: If the file is encrypted, decrypt it first.
-
Add the following entry:
<add name="QER\Person\PasswordResetAuthenticator\ApplicationToken" connectionString="<API Server application token>"/>
-
Save your changes to the file.
NOTE: If the file was encrypted beforehand, encrypt it again.
If Web Portal users forget their password, they can login in to the Password Reset Portal with the help of the password questions and set a new password.
To configure the use of password questions.
-
Start the Designer program.
-
Connect to the relevant database.
-
Configure the following configuration parameters:
TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.
-
QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who do not enter enough or any questions and answers, cannot log in to the Password Reset Portal using their password questions.
NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter.
-
QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can log in to the Password Reset Portal.
NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter.
-
QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify how many new password questions and answers users must enter after they have successfully logged in to the Password Reset Portal. If this option is enabled, correctly answered password questions are deleted after logging in to Password Reset Portal.
Here are some solutions that have been tried and tested in conjunction with One Identity Manager tools to guarantee secure operation of One Identity web applications. You decide which security measures are appropriate for your individually customized web applications.
Detailed information about this topic