Lost ID policy

The Lost ID authentication policy enables users to retrieve their lost or forgotten user IDs. This policy uses the reCAPTCHA mechanism to verify the request originates from a human and a secondary attribute to ensure that only the account owner can start the process. The lost ID is emailed to the user. None of the user's account information is displayed in the browser.

Lost ID Setup

• Ensure the Prerequisites steps are completed.
• Configure the reCAPTCHA Verification mechanism. See Configure the reCAPTCHA Verification authentication mechanism.

• Create an SMTP Server Connection
  1. Log in to the local management interface.

  2. Click AAC

  3. Under Global Settings, click Server Connections.

  4. Click the New Server Connection icon.

  5. Select SMTP.

  6. Complete the connection details of your SMTP server.

  7. Click Save.

  8. Deploy these changes before you continue to the next step.

• Configure the Session Attribute Response mechanism to be used in the Lost ID authentication policy.
  1. Log in to the local management interface.

  2. Click AAC

  3. Under Policy, click Authentication.

  4. Click Mechanism.

  5. Select USC Lost ID - Send ID.

  6. Click Edit.

  7. In the dialog window, select the Properties tab.

  8. Select the Server Connection property and click Edit.

  9. In the dialog window, select the SMTP server connection that is created in the previous step.

  10. Click Save.

  11. Deploy the changes.

HTML templates

• authsvc/usc/lost-id/collectEmail.html
• authsvc/authenticator/email_message/error.html
• authsvc/usc/lost-id/success.html

Email templates

• authsvc/usc/lost-id/email.xml

JavaScript Mapping Rules

• USC_LostId_CollectEmail
• USC_LostId_Success

Lost ID workflow

Upon completion of this flow, the user receives an email message containing the lost or forgotten user ID.

1. The user accesses https://<WebSEAL host>:<port>/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:uscLostId

2. On this screen, the user is prompted to enter an email address, surname, and complete the CAPTCHA.
   • The template page that is presented is authsvc/usc/lost-id/collectEmail.html
   • The JavaScript that pre-populates the form and validates responses is USC_LostId_CollectEmail

   • If the email address and surname do not match any existing profile, a generic error is returned.

3. An email containing the lost or forgotten user ID is sent to the user.

4. On the next screen, the operation success page is presented.
   • The template page that is presented is authsvc/usc/lost-id/success.html
   • The JavaScript that pre-populates the page is USC_LostId_Success

Parent topic: User Self-Care operations