Configuring Password Reset Portal login with a passcode
Users can use the passcode they received from their manager to log in to the Password Reset Portal.
To configure login with a passcode
-
In the API Server's installation directory, open the imxclient.exe.config file.
NOTE: If the file is encrypted, decrypt it first.
-
Add the following entry:
<add name="QER\Person\PasswordResetAuthenticator\ApplicationToken" connectionString="<API Server application token>"/>
-
Save your changes to the file.
NOTE: If the file was encrypted beforehand, encrypt it again.
Configuring Password Reset Portal login with password questions
If Web Portal users forget their password, they can login in to the Password Reset Portal with the help of the password questions and set a new password.
To configure the use of password questions.
-
Start the Designer program.
-
Connect to the relevant database.
-
Configure the following configuration parameters:
NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.
-
QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who do not enter enough or any questions and answers, cannot reset their password.
NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter.
-
QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can reset their password.
NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter.
-
QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify whether users must enter new password questions and answers after successfully resetting their password. In this case, correctly answered questions are deleted.
Recommendations for secure operation of web applications
Here are some solutions that have been tried and tested in conjunction with One Identity Manager tools to guarantee secure operation of One Identity web applications. You decide which security measures are appropriate for your individually customized web applications.
Detailed information about this topic
Using HTTPS
Always run the One Identity Manager's web application over the secure communications protocol "Hypertext Transfer Protocol Secure" (HTTPS).
In order for the web application to use the secure communications protocol, you can force the use of the "Secure Sockets Layer" (SSL) when you install the application. For more information for using HTTPS/SSL, see the One Identity Manager Installation Guide.