Password Reset is a web application that can be used for resetting a forgotten password for a password authentication method (i.e. the type is SPI Password).

These pages describes how to install and configure the Password Reset application. By default it is not enabled nor fully configured, because many installations do not require password reset functionality

Requirements

For successful integration, the following conditions should be met:

Ubisecure SSO 8.3.0 or later
Ubisecure SSO Management Console or Management API is accessible with administrative privileges
- this document describes the installation steps in Management Console
Ubisecure installation directory is accessible

Password Reset application workflow

User initiates password reset by entering their login name.
Password Reset application searches the user account from the password method's directory using the given login name.
- If account is found, password reset initiates authentication using Unregistered SMTP OTP or Unregistered SMS OTP method in SSO.
User receives a One-Time-Password (via email or SMS, depending on which OTP method was used).
User enters the received OTP in the Password Reset application.
Password Reset application validates the OTP.
- If the OTP is correct, user then is allowed reset their password

Clustered Environment with Password Reset

Password reset can be used in a clustered configuration, when the following requirements are met:

Reverse proxy must use sticky-sessions mode, so that all requests during a user's password reset session are directed to a single node in the cluster.
SSO server nodes must use REDIS. See Cluster installation - SSO v8.3

Distinction of Password and Password Reset

Up to Ubisecure SSO 8.2 the feature of resetting a forgotten password used to be part of Password application, denoted as password/reset to separate it from the password/change, which was to fulfill a different use case of changing a remembered password. Both were implemented inside one application Password. Starting from Ubisecure SSO 8.3 the password/change and password/reset are now two separate applications, namely Password and Password Reset. Password application's primary focus will only be the password change, while the new Password Reset application is the primary application for resetting the password.

Password reset functionality in the Password application is now deprecated and will be removed in future versions. Exact time for removal is still undecided, but before that we will provide migration instructions to make the transition as smooth as possible.

Browser not supported