10.8:documentation:modules_pwd

Modules - Password reset [pwd-reset]

The module provides the functionality of password reset or, in other words, the recovery of a forgotten password.  Password reset process

Password reset module now doesn't support SQL Server
Version before 1.7.0 doesn't set valid till to password after password reset and password generate. Is highly recommended use version 1.7.0

User can start the process on CzechIdM login page where is a "Forgotten password" link. In the next step, user is required to enter the account identifier. For now, identity email or login are supported and admin can use configuration property to select which of these (or both) can be used.

CzechIdM generates validation token which is sent to the user via notification. After clicking on the link in the notification (usually email), the user is asked to fill in a new password. If password change succeeds (password validation is OK and users can change their own password), then the user can log in to CzechIdM with the new password.

While user finished process with password reset is also set password valid till from default password policy configuration (password max-age attribute).

Password reset module changes user's passwords in CzechIdM or all managed systems depending on the module configuration.

The password reset module generates a new password by default password policy for IdM and all managed systems depending on the module configuration. The form for password generate is part of the password change component.

During password generate is also setup password valid till from default password policy configuration.