Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Web Application Configuration Guide

Configuring Password Reset Portal login with password questions

If Web Portal users forget their password, they can login in to the Password Reset Portal with the help of the password questions and set a new password.

To configure the use of password questions.

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who do not enter enough or any questions and answers, cannot reset their password.

      NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can reset their password.

      NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter.

    • QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify whether users must enter new password questions and answers after successfully resetting their password. In this case, correctly answered questions are deleted.

Recommendations for secure operation of web applications

Here are some solutions that have been tried and tested in conjunction with One Identity Manager tools to guarantee secure operation of One Identity web applications. You decide which security measures are appropriate for your individually customized web applications.

Detailed information about this topic

Using HTTPS

Always run the One Identity Manager's web application over the secure communications protocol "Hypertext Transfer Protocol Secure" (HTTPS).

In order for the web application to use the secure communications protocol, you can force the use of the "Secure Sockets Layer" (SSL) when you install the application. For more information for using HTTPS/SSL, see the One Identity Manager Installation Guide.

Disabling the HTTP request method TRACE

The TRACE request allows the path to the web server to be traced and to check that data is transferred there correctly. This allows a trace route to be determined at application level, meaning the path to the web server over various proxies. This method is particularly useful for debugging connections.

IMPORTANT: TRACE should not be enable in a productive environment because it can reduce performance.

To disable the HTTP request method TRACE using Internet Information Services

  • You will find instructions by following this link:

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/tracing/

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating