10.5.1 Configuring Self Service Password Reset

In the B2C access management deployment, the following requirements are achieved using Self Service Password Reset:

  • User account creation during self-registration

  • User account creation during social registration

  • User account activation for the agent registration

  • Password recovery for user accounts

  • Profile update for user accounts

  • Account deletion

  • Change password

Perform the following tasks in Self Service Password Reset to achieve these requirements:

  1. Log in to Self Service Password Reset as an administrator.

  2. In the toolbar, click your username and select Configuration Editor.

  3. Create a general profile for self-registration.

    For more information, see Enabling Self-Registration.

  4. Create a social profile for social registration.

    For more information, see Enabling Self-Registration Using Social Login Information.

  5. Enable and edit the User Activation profile for agent registration.

    For more information, see Configuring the User Activation Profile Module.

  6. Enable and edit the Forgotten Password profile to enable users to reset their password and log in again.

    For more information, see Configuring the Update Profile Module.

  7. Enable and edit the Update Profile profile to enable the users to update their profiles.

    For more information, see Configuring the Update Profile Module.

  8. Edit the Delete Account profile to enable users to delete their profile.

    For more information, see Enabling User Deleting Capabilities.

  9. Enable the Change Password profile to enable users to change their passwords. This is the default profile for changing passwords; you can edit it to change the default behavior.

    For more information, see Configuring the Change Password Module.

  10. Click Modules > Public > New User Registration > New User Settings and select Enabled.

  11. Click Security > Web Security. Specify the following URLs in Redirect Whitelist:

    • https://www.b2c.com

    • https://idp.b2c.com:8443/nidp

  12. You can define various URLs in Self Service Password Reset configuration to redirect the user to a logical page after the completion of each task.

    To define these URLs, click Settings > Application > Application and set up the following URLs:

    • Set up a Site URL. For example, https://www.b2c.com/sspr

    • Set up a Forward URL. For example, https://www.b2c.com/portal/index.html

    • Set up a Logout URL. For example, https://www.b2c.com/AGLogout

    • Set up a Home URL. For example, https://idp.b2c.com:8443/nidp/portal
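The following added example (not part of the product documentation) checks that each URL configured in step 12 is covered by a Redirect Whitelist entry from step 11, so that a redirect target is not left outside the whitelist by mistake. The page does not describe how Self Service Password Reset matches whitelist entries; the strict rule used here (same scheme, host, and port, plus a whole-segment path prefix) and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Values copied from the examples in steps 11 and 12 of this page.
REDIRECT_WHITELIST = ["https://www.b2c.com", "https://idp.b2c.com:8443/nidp"]
CONFIGURED_URLS = {
    "Forward URL": "https://www.b2c.com/portal/index.html",
    "Logout URL": "https://www.b2c.com/AGLogout",
    "Home URL": "https://idp.b2c.com:8443/nidp/portal",
}
DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(url):
    """Return (scheme, host, port, path), or None if the URL is unsafe to compare."""
    try:
        u = urlsplit(url.strip())
        port = u.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = u.scheme.lower()
    if scheme not in DEFAULT_PORTS or not u.hostname or u.username or u.password:
        return None  # relative URL, other scheme, or userinfo before the host
    if ".." in u.path.split("/"):
        return None  # dot segments could climb out of the whitelisted path
    return scheme, u.hostname.lower(), port or DEFAULT_PORTS[scheme], u.path or "/"

def is_covered(target, whitelist):
    """True if target shares an origin with an entry and sits under its path."""
    t = _parts(target)
    if t is None:
        return False
    for entry in whitelist:
        e = _parts(entry)
        if e is None or e[:3] != t[:3]:
            continue  # scheme, host, or port differs
        base = e[3].rstrip("/")
        if t[3] == base or t[3].startswith(base + "/"):
            return True
    return False

def audit(urls, whitelist):
    """Map each configured setting name to whether the whitelist covers it."""
    return {name: is_covered(url, whitelist) for name, url in urls.items()}

if __name__ == "__main__":
    for name, ok in audit(CONFIGURED_URLS, REDIRECT_WHITELIST).items():
        print(f"{name}: {'covered' if ok else 'NOT covered'}")
```

Comparing parsed components rather than raw string prefixes is what keeps a look-alike host, a different port, or a sibling path such as /nidpx from being treated as whitelisted.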

Enabling Self-Registration

To enable user self-registration, you must create a profile in Self Service Password Reset.

Perform the following steps to create a profile:

  1. Create a new New User Profile profile using a unique profile name. For example, General.

  2. Click Modules > Public > New User Profile > General.

  3. Edit Creation Context in the General profile to match the context in the LDAP directory where users are created. For example, ou=users,o=novell.

  4. Edit the form based on the information that you require from users. A standard form contains the following fields:

    Name         Label
    cn           User Name
    givenName    First Name
    sn           Last Name
    mail         Email
    mobile       Mobile

    NOTE: If your LDAP store is Active Directory, cn will be sAMAccountName.

  5. Delete the default definition in LDAP Entry ID Definition if cn is part of the form configured in the previous step.

  6. (Optional) You can select Enable New User Email Verification and Enable New User SMS Verification based on your verification requirement.

  7. Set up After Registration Redirect URL for the New User Registration general profile. For example, https://www.b2c.com/portal.

  8. If the Self Service Password Reset configuration for forgotten password is challenge/response, then After Registration Redirect URL is the Access Gateway URL. For example, https://www.b2c.com/sspr/private/setup-responses.

  9. Select Prompt User for Password to prompt the user to provide a password during registration.

  10. Now, users can register themselves using the /sspr/public/newuser/profile/General URL.

For more information on how to configure profiles in Self Service Password Reset, see Configuring Profiles in the Self Service Password Reset 4.2 Administration Guide.

Enabling Self-Registration Using Social Login Information

Perform the following steps to configure Self Service Password Reset to enable user registration using social networking accounts:

  1. Create a new New User Profile profile using a unique profile name. For example, Social.

  2. Edit Creation Context in the social profile to match the context in the LDAP directory where users are created.

    For example, ou=users,o=novell.

  3. Edit the form based on the information that you require from users. A standard form contains the following fields:

    Name           Label
    cn             User Name
    displayName    Full Name
    sn             Last Name
    mail           Email
    carLicense     Unique ID

    NOTE: If your LDAP store is Active Directory, then cn will be sAMAccountName.

  4. Delete the default definition in LDAP Entry ID Definition if cn is part of the form configured in Step 3.

  5. (Optional) You can select Enable New User Email Verification and/or Enable New User SMS Verification based on your verification requirement.

  6. Deselect Prompt User for Password to ensure that the user is not prompted for a password.

  7. Click Settings > Web Services > REST Services.

    Perform the following steps in REST Services:

    1. Select Enable External Web Services.

    2. Click Add Value in External Web Services Secret.

    3. Specify a name for the new password. For example, NAMSECRET.

    4. Specify a password and click Store Password. For example, pass@123.

      IMPORTANT: This name and password are used when you configure Access Manager to integrate with Self Service Password Reset. Specify the name in API Username and the password in API Password while specifying the Self Service Password Reset server details in Identity Server.

      See Section 10.7.1, Configuring Self Service Password Reset Server Details in Identity Server.

    5. Click Usage and select Signing Form Service - /signing/form and Health Service - /health.

    6. Click OK.

    7. Log in to Access Manager as an administrator. Navigate to Identity Server > Shared Settings > Self Service Password Reset > Integration Links. Specify a path for the profile in Auto Registration URL. For example, /public/newuser/profile/Social.

  8. Now, users can register themselves using the /sspr/public/newuser/profile/Social URL.

For more information on how to register social users using Self Service Password Reset, see Creating Accounts for Social Users in Self Service Password Reset Using the New User Registration Module in the Self Service Password Reset 4.2 Administration Guide.

Enabling User Deleting Capabilities

Configure the Delete Account module in Self Service Password Reset to enable users to delete their account information stored in Access Manager. When users delete their own accounts from the B2C portal, the requests are sent through REST API to Access Manager. This configuration is required when you want to delete the complete user history and device registration is configured in the Access Manager contract.

For information about how to enable user delete capabilities, see Deleting User Accounts in Access Manager from the Delete Account Module in the Self Service Password Reset 4.2 Administration Guide.

Ensure that you perform the following additional steps:

  • Enable the Delete LDAP Entry option.

  • To log out the user from Access Manager after the user is deleted, set up Next URL for Delete Account. For example, https://www.b2c.com/AGLogout.