...
- User initiates password reset by entering their login name.
- Password Reset application searches for the user account in the password method's directory using the given login name.
- If the account is found, Password Reset initiates authentication in SSO using the Unregistered SMTP OTP or Unregistered SMS OTP method.
- User receives a One-Time-Password (via email or SMS, depending on which OTP method was used).
- User enters the received OTP in the Password Reset application.
- Password Reset application validates the OTP.
- If the OTP is correct, the user is then allowed to reset their password.
Clustered Environment with Password Reset
Password reset can be used in a clustered configuration, when the following requirements are met:
- Reverse proxy must use sticky-sessions mode, so that all requests during a user's password reset session are directed to a single node in the cluster.
- SSO server nodes must use Redis. See Cluster installation - SSO v8.3.
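
The following sketch is an added example, not code from the product. It walks the reset steps listed above through a two-node cluster to show why the sticky-sessions requirement exists. It assumes reset-session state lives only in the memory of the node that started it, which this page does not state; `Node`, `run_reset`, `DIRECTORY` and the user `alice` are hypothetical names.

```python
import hmac
import itertools
import secrets

DIRECTORY = {"alice": "alice@example.test"}  # constructed directory: login name -> OTP address


class Node:
    """One Password Reset node; sessions are ASSUMED to be node-local memory."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}   # session id -> {"login": ..., "otp": ...}
        self.outbox = []     # stands in for SMTP/SMS OTP delivery

    def start_reset(self, login):
        if login not in DIRECTORY:            # account lookup by login name
            return None
        sid = secrets.token_urlsafe(16)
        otp = f"{secrets.randbelow(10**6):06d}"
        self.sessions[sid] = {"login": login, "otp": otp}
        self.outbox.append((DIRECTORY[login], otp))
        return sid

    def submit_otp(self, sid, otp):
        session = self.sessions.get(sid)
        if session is None:                   # this node never saw the session
            return "unknown-session"
        if hmac.compare_digest(session["otp"], otp):
            return "reset-allowed"
        return "otp-rejected"


def run_reset(nodes, sticky):
    """Drive one reset as two HTTP requests; return (node, outcome) of the OTP step."""
    rr = itertools.cycle(nodes)
    first = next(rr)                          # request 1: user enters login name
    sid = first.start_reset("alice")
    _, otp = first.outbox[-1]                 # user reads the OTP from email/SMS
    second = first if sticky else next(rr)    # request 2: routed by the reverse proxy
    return second.name, second.submit_otp(sid, otp)


if __name__ == "__main__":
    print("sticky:     ", run_reset([Node("a"), Node("b")], sticky=True))
    print("round-robin:", run_reset([Node("a"), Node("b")], sticky=False))
```

Without stickiness, the correct OTP is rejected because it arrives at a node that holds no record of the reset session.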
Distinction of Password and Password Reset
...