8.8 Configuring Token Settings

Self Service Password Reset sends tokens through email and SMS for secure user authorization. You can configure Self Service Password Reset to send a random token in different scenarios, such as new user registration and forgotten password recovery. For example, when users try to reset their passwords, Self Service Password Reset prompts them to answer the challenge-response questions and then sends a token by email or SMS to the email address or phone number specified by the user. The user must enter this token into the Password Change form. When the entered token matches the token sent by Self Service Password Reset, the system changes the user's password.

Self Service Password Reset also sends tokens for new user registration confirmation.

To configure token settings:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Tokens.

  5. Configure the following settings:

    Token Storage Method

    You can configure the storage method used to save tokens. Self Service Password Reset supports the following methods:

    LocalDB

    Use this method to store tokens in the local database. If you select this method, tokens do not work across multiple application instances.

    Database

    Use this method to store tokens in an external database. If you select this method, tokens work across multiple application instances.

    Crypto

    Use this method to create and read tokens. Tokens are not stored locally and work across multiple application instances if they have the same security key.

    NOTE: When you select Crypto, ensure that you have configured a security key; otherwise, tokens do not work. For more information about how to configure a security key, see Configuring Security Settings.

    LDAP

    Use this method to store tokens in the LDAP directory. Tokens work across multiple application instances. You cannot use LDAP tokens as new user registration tokens.

    The system generates tokens by using the length and character configuration options (except when using the Crypto method). When you use the Crypto method, tokens are longer.

    Token Characters

    Specify the available characters for the email token.

    Token Length

    Specify the length of the token.

    Token Maximum Lifetime

    Specify the time in seconds for which a token is valid. The default value is one hour.

    Token LDAP attribute name

    Specify a name for the LDAP attribute token. Self Service Password Reset uses the LDAP attribute to store and search for tokens when you select this option.

  6. In the toolbar, click Save changes.
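The Crypto storage method in step 5 keeps no token record, so any instance holding the same security key can validate a token, and the token is longer because it carries its own data. The following sketch is an added example, not Self Service Password Reset code or its token format: it assumes an HMAC-SHA256-signed JSON payload as a stand-in, and all function names, field names and keys are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

TOKEN_LIFETIME = 3600  # seconds; mirrors the documented one-hour default


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(security_key, user, now=None):
    """Build a self-contained token: payload plus HMAC tag, nothing stored."""
    now = time.time() if now is None else now
    payload = json.dumps({"u": user, "exp": int(now) + TOKEN_LIFETIME,
                          "n": secrets.token_hex(8)}).encode()
    tag = hmac.new(security_key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(security_key, token, now=None):
    """Return the user name if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, TypeError):
        return None  # malformed token
    expected = hmac.new(security_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # wrong key or tampered payload
    claims = json.loads(payload)
    return claims["u"] if now < claims["exp"] else None


if __name__ == "__main__":
    shared_key = b"constructed-shared-security-key"  # constructed sample key
    token = issue_token(shared_key, "jdoe")          # issued by instance A
    print("token length:", len(token))               # far longer than a short random code
    print("instance B, same key:", verify_token(shared_key, token))
    print("instance C, other key:", verify_token(b"constructed-other-key", token))
```

Because validity rests only on the key and the embedded expiry, an instance configured with a different security key rejects every token issued elsewhere, which is the failure the NOTE under Crypto describes.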