Password Reset policy

The Password Reset authentication policy enables users to reset their passwords. This policy uses the ReCAPTCHA mechanism to verify that the request originates from a human. It also uses the Email OTP mechanism and a secondary attribute to ensure that only the account owner can reset the password.

Password Reset Setup

HTML templates

JavaScript Mapping Rules

Password reset workflow

The Password Reset authentication policy enables users to reset their lost or forgotten passwords with the following workflow.

  1. The user accesses https://<WebSEAL host>:<port>/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:uscPasswordReset

  2. On this screen, the user is prompted to enter an email address, surname, and CAPTCHA.

    • The template page that is presented is authsvc/usc/password-reset/collectEmail.html
    • The JavaScript that pre-populates the form and validates responses is USC_PasswordReset_CollectEmail

    • If the email address and surname do not match any existing profile, a generic error is returned.

  3. On the next screen, the user is prompted to enter an OTP.

    • The OTP is delivered through an email.
    • The template page that is presented is authsvc/authenticator/macotp/login.html

  4. On the next screen, the user is presented with the password reset form.

    • The template page that is presented is authsvc/usc/password-reset/collectPassword.html
    • The JavaScript that pre-populates the form and validates responses is USC_PasswordReset_CollectPassword

  5. On the next screen, the account success page is presented.

    • The template page that is presented is authsvc/usc/password-reset/success.html
    • The JavaScript that pre-populates the page is USC_PasswordReset_Success
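
The following added example is not product code or one of the mapping rules named above. It is a plain Node.js model of the workflow that shows the two properties the steps rely on: the same generic error for every failed identity check, and each step being refused unless the previous one succeeded. The names ResetSession, sameText, PROFILES, and GENERIC_ERROR, the sample profile, and the case-insensitive matching are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample profiles (assumption: stand-in for the user registry).
const PROFILES = [{ email: "alice@example.com", surname: "Nguyen" }];
const GENERIC_ERROR = "The information provided could not be verified.";

// Compare fixed-length digests so timing does not depend on the inputs.
// Assumption: matching ignores case and surrounding whitespace.
function sameText(a, b) {
  const h = (s) => crypto.createHash("sha256").update(String(s).trim().toLowerCase()).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

class ResetSession {
  constructor() { this.step = "collectEmail"; this.email = null; this.otp = null; }

  fail() { return { ok: false, error: GENERIC_ERROR }; }

  // Step 2: email + surname + CAPTCHA result; every failure looks the same.
  submitIdentity(email, surname, captchaOk) {
    if (this.step !== "collectEmail") return this.fail();
    const profile = PROFILES.find((p) => sameText(p.email, email));
    const surnameOk = sameText(profile ? profile.surname : "", surname);
    if (!captchaOk || !profile || !surnameOk) return this.fail();
    this.email = profile.email;
    this.otp = String(crypto.randomInt(0, 1000000)).padStart(6, "0"); // would be emailed
    this.step = "otp";
    return { ok: true, next: "otp" };
  }

  // Step 3: the OTP is single use and only accepted after step 2 succeeded.
  submitOtp(code) {
    if (this.step !== "otp" || !sameText(this.otp, code)) return this.fail();
    this.otp = null;
    this.step = "collectPassword";
    return { ok: true, next: "collectPassword" };
  }

  // Step 4: a new password is only accepted once the OTP has been verified.
  submitPassword(newPassword) {
    if (this.step !== "collectPassword" || !newPassword) return this.fail();
    this.step = "success";
    return { ok: true, next: "success", account: this.email };
  }
}
```
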
