Configure password resets

At Setup > Password Reset, enable users to reset their Active Directory password. This reduces the number of help desk password tickets and enhances productivity of the user. Users can reset their Active Directory password from the Web Portal sign in page and the Microsoft Windows logon screen, either via a wizard or via service delivery.

See the Ivanti Identity Director Password Reset Guide for more information and scenarios, available at http://success.res.com > Downloads.

Configuration

General tab

Field

Explanation and Tips

Show password reset on

Specify the availability of the password reset functionality.

  • Select Windows logon screen to make the functionality available on the Windows logon screen. Password resets on the Windows logon screen are managed through the Windows Client. This requires that you install the Windows Client on each computer on which you want to offer the password reset functionality.
  • Select Web Portal logon screen to make the password reset functionality available in the Web Portal.
    • Select Include captcha validation to provide extra security. Captcha validation is only available for the Web Portal.
  • Select Mobile clients to make the password reset functionality available in the mobile client.

Reset link text

Specify the text of the password reset link.

People identifier

Specify the identification method of users when they request a password reset.

Service

Specify the service that is delivered as part of the password reset (for example, the default service Self-service password reset - provide through workflow).

  • If you configure a custom service, it must contain at least a workflow action Confirm Transaction.

User instructions

Specify the instructions that are shown when users click the password reset link.

Status page message

Specify status information.

Redirection URL

Specify the URL to which users are redirected after a password reset, instead of the default Web Portal sign-in page.

In certain scenarios, for example when users access the Web Portal from a thin client, redirecting them to the default page may not be user-friendly. You can prevent this by specifying a different URL.

Password input

Specify if password input is provided through the wizard or through a service workflow.

Password attribute

Specify the service attribute that can store the password that the user provides.

  • This field is only available if input is provided through the wizard.
  • You can only select service attributes that are part of the service you selected in the Service field.

Password complexity hints

Configure a password complexity policy. This ensures that passwords provided by your users meet the complexity requirements of your organization. This area is only available if input is provided through the wizard.

  • In the Regular expression field, configure the regular expression that determines the password complexity requirements. In the Web Portal, the password provided by the user is validated against this regular expression.
    • When you configure a regular expression, you can add flags to the pattern.
    • You can split complex rules into multiple rules, to make it easier to configure the desired policy.
    • Verify the regular expression in the Test field. Green and red coloring indicates whether the text in the field conforms to the configured regular expression.
  • In the Password complexity hints field, provide users with information about the characteristics of the new password. In the Web Portal and Windows Client, if the provided password matches a regular expression, the related complexity hint will be marked.
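The following added example (not part of the product or its documentation) shows a policy split into one regular expression per rule, each paired with its hint, and how a candidate password marks the hints it satisfies. The rule set, the flag notation (JavaScript RegExp flags) and the function names are assumptions for illustration.

```javascript
// Added example: hypothetical rule set, not Identity Director defaults.
// One regular expression per rule; flags apply to that rule only.
const ruleDefs = [
  { pattern: "^.{12,}$", flags: "u", hint: "At least 12 characters" },
  { pattern: "\\p{Ll}", flags: "u", hint: "A lowercase letter" },
  { pattern: "\\p{Lu}", flags: "u", hint: "An uppercase letter" },
  { pattern: "\\d", flags: "", hint: "A digit" },
  // "i" makes only this rule case-insensitive.
  { pattern: "^(?!.*password).*$", flags: "i", hint: 'Does not contain "password"' },
];

function compileRules(defs) {
  return defs.map(({ pattern, flags, hint }) => {
    if (flags.includes("g") || flags.includes("y")) {
      // Stateful flags make RegExp.test() depend on lastIndex between calls.
      throw new Error(`stateful flag not allowed in rule: ${hint}`);
    }
    return { hint, regex: new RegExp(pattern, flags) };
  });
}

// Returns the per-hint result plus the overall verdict (all rules met).
function checkPassword(password, rules) {
  const hints = rules.map(({ hint, regex }) => ({ hint, met: regex.test(password) }));
  return { accepted: hints.every((h) => h.met), hints };
}

const rules = compileRules(ruleDefs);
// Constructed sample passwords.
for (const candidate of ["short1A", "MyPassword2024xx", "\u00C9cole-normale-2024"]) {
  const { accepted, hints } = checkPassword(candidate, rules);
  console.log(candidate, accepted ? "accepted" : "rejected");
  for (const h of hints) console.log(`  [${h.met ? "x" : " "}] ${h.hint}`);
}
```

Keeping each requirement in its own rule means a flag such as `i` cannot silently weaken the uppercase or lowercase checks, and each hint maps to exactly one testable expression.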

Security questions tab

Field

Explanation and Tips

Security questions

Specify the number of questions in the wizard.

  • This field is only relevant if you selected Wizard to include a page for end user to provide input in the Password input field on the General tab.

Questions attribute

This field shows the default people attribute Security Questions and Answers that stores the security questions and answers of the wizard.

  • If you configure a custom service that can reset passwords, make sure it fills this attribute with the security questions and answers that are provided by the user.

Verification code tab

Field

Explanation and Tips

Enabled

Enable code validation.

Service

Specify the service that generates the code and sends it to the user, for example via SMS or e-mail.

  • The delivery workflow of the specified service must contain a Provide Verification Code action. In this action, we recommend specifying a verification code of at most 20 characters. Because the code is encrypted, longer codes may exceed the maximum value. This results in an error and leaves the transaction in a Pending state.
  • If you use SMS for code validation, the mobile phone number of the user that requests the password reset must be registered in your environment.
  • To generate a random PIN for this service, you can create a service attribute on the Attributes tab. It is best practice to leave the initial value blank, let its value be set by a Set Service Attribute action and use the function @[RANDOM(x,y)] in its Manual value field. This generates a random PIN every time the service is requested.

    You may also consider adding a Jump action to the workflow, so it jumps back to the Set Service Attribute action if the user provides an incorrect PIN. This generates a new random PIN.

Limit number of attempts

Limit the number of attempts a user can make to provide a verification code during a password reset. This ensures that password resets occur as securely as possible.

Maximum number of attempts

Configure the maximum number of attempts a user can make to provide a verification code during a password reset. This field is only available if you have selected the option Limit number of attempts.

  • You can configure a number from 1-999.
  • The number of attempts left is shown in the Web Portal and the Mobile Client.
  • If the user exceeds the limit, the workflow action in the service that validates the verification code fails.
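To size the Maximum number of attempts against the range used in @[RANDOM(x,y)], the following added example (not product code) computes the chance that someone who does not know the PIN still passes verification. It assumes that @[RANDOM(x,y)] yields uniformly distributed integers in the inclusive range x..y and that the attempt limit applies across the whole transaction, including when a Jump action regenerates the PIN; the function names are hypothetical.

```javascript
// Added example: risk sizing for the verification code settings.
// Assumption: @[RANDOM(x,y)] is uniform over the inclusive integers x..y.
function guessSuccessProbability({ min, max, maxAttempts, regenerateOnFailure }) {
  const space = max - min + 1; // number of possible PIN values
  if (!Number.isInteger(space) || space < 1) {
    throw new RangeError("max must be an integer >= min");
  }
  if (!Number.isInteger(maxAttempts) || maxAttempts < 1 || maxAttempts > 999) {
    throw new RangeError("maxAttempts must be 1-999, as in the configuration field");
  }
  if (regenerateOnFailure) {
    // New PIN after every wrong answer: attempts are independent trials.
    return 1 - Math.pow(1 - 1 / space, maxAttempts);
  }
  // Same PIN for all attempts: each wrong guess eliminates one value.
  return Math.min(1, maxAttempts / space);
}

// Largest attempt limit (1-999) whose bypass probability stays within the
// accepted risk budget; returns 0 if even a single attempt exceeds it.
function largestAttemptLimit({ min, max, regenerateOnFailure }, riskBudget) {
  let best = 0;
  for (let k = 1; k <= 999; k++) {
    const p = guessSuccessProbability({ min, max, maxAttempts: k, regenerateOnFailure });
    if (p > riskBudget) break;
    best = k;
  }
  return best;
}

// Constructed scenarios: 4-digit and 6-digit PIN ranges.
const fourDigit = { min: 1000, max: 9999 };
const sixDigit = { min: 100000, max: 999999 };
for (const [name, range] of [["4-digit", fourDigit], ["6-digit", sixDigit]]) {
  for (const maxAttempts of [3, 10, 999]) {
    const p = guessSuccessProbability({ ...range, maxAttempts, regenerateOnFailure: true });
    console.log(`${name}, ${maxAttempts} attempts: ${(p * 100).toFixed(4)}%`);
  }
}
```

With a 4-digit range, the maximum limit of 999 leaves roughly a one-in-ten chance of a blind guess succeeding, so a short PIN range calls for a low attempt limit.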

Generating verification code message

Specify status information about the generation of the code.

Enter verification code message

Specify user instructions to validate the code.

  • The password reset can only continue after a successful validation.

Invalid verification code message

Specify the message that is shown if the provided code is incorrect.

Exceeding maximum number of attempts message

Specify the message that is shown to the user when he exceeds the limit. This field is only available if you have selected the option Limit number of attempts.

Validating verification code message

Specify status information about the validation of the code.
