Enhanced Forgot Password
- Updated on 03 May 2023
RapidIdentity Cloud provides two options that an administrator can configure for users who have forgotten their password: Legacy and Enhanced. We recommend you use the Enhanced method.
Enhanced Forgot Password Behavior
With Enhanced Forgot Password enabled and configured, users see a Forgot Password prompt in the login box when they are prompted to enter a password, which lets them start the Forgot Password Policy that applies to them. Depending on how the policy is configured, the user can reset their password by successfully completing the required authentication methods, such as SMS or TOTP.
Enhanced Forgot Password Configuration
To fully configure Enhanced Forgot Password, you will need to configure both a Password Policy (if you do not already have one) and a Forgot Password Authentication Policy. You will also need to remove the Legacy Forgot Password Help Link.
Configure a Password Policy (if you do not already have one)
Configure a Forgot Password Authentication Policy
- To do this, go to Configuration - Policies - Authentication Policies and click the + to create a New Authentication Policy.
- Name your policy (e.g., Forgot Password Policy) and be sure to check both the Enabled and the Is a Forgot Password Policy check boxes.
- Click on the Criteria tab to set the criteria for who this policy applies to. If you are only going to have one policy, check the Apply to Everyone check box.
- Click on Authentication Methods and select which methods you will require the user to pass to reset their forgotten password. In this example, users will be required to provide the code from their SMS Authentication Method to reset their password. If you select multiple methods, end users will be required to authenticate with all methods to reset their password.
- Click Save to activate the Forgot Password Policy.
You will want to remove the Forgot My Password Help Link from the login screen when you finish configuring Enhanced Forgot Password. We recommend doing this when you configure the Enhanced Forgot Username policy.
- To do this, go to Configuration - Security - Identity Providers - Web Template, scroll to the Help Links section at the bottom of the screen, and click the X on the Forgot My Password option.
Please be sure that end users have the required data and have set up the authentication methods you select.
For example, to use SMS to recover a password, the mobile attribute must be populated; to use email to recover a password, the email attribute must be populated.
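A pre-rollout check for the requirement above, as an added example that is not part of the original page or RapidIdentity's own tooling: it reads a user export and lists the accounts missing an attribute that a selected method depends on. The CSV layout, column names, and function name are assumptions for illustration; only the SMS-to-mobile and email-to-email mapping comes from this page.

```python
import csv
import io

# Attribute each recovery method depends on, as stated on this page.
REQUIRED_ATTRIBUTE = {"sms": "mobile", "email": "email"}

# Constructed sample export; the column names are assumptions for illustration.
SAMPLE_EXPORT = """username,mobile,email
avery,+15555550101,avery@example.org
blake,,blake@example.org
casey,+15555550103,
devon,  ,
"""


def find_unready_users(export_text, policy_methods):
    """Return {username: [missing attributes]} for users who could not
    complete every method in the policy (all selected methods are required)."""
    unknown = [m for m in policy_methods if m not in REQUIRED_ATTRIBUTE]
    if unknown:
        raise ValueError(f"no attribute mapping for methods: {unknown}")
    needed = [REQUIRED_ATTRIBUTE[m] for m in policy_methods]
    unready = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        # Treat absent columns and whitespace-only values as unpopulated.
        missing = [a for a in needed if not (row.get(a) or "").strip()]
        if missing:
            unready[row["username"]] = missing
    return unready


if __name__ == "__main__":
    # Compare a single-method policy with one that requires both methods.
    for methods in (["sms"], ["sms", "email"]):
        print(methods, find_unready_users(SAMPLE_EXPORT, methods))
```

Users reported here would be unable to complete the Forgot Password Policy, so populate their attributes before removing the legacy help link.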