6.4 Enabling the User Activation Module

The User Activation module allows first-time users to activate their accounts and set a temporary password. When users create accounts that do not have an established channel to send the passwords to the users, this feature helps the users activating their accounts. Configure the settings to allow only those users to activate their accounts that have never been authenticated. This behavior might differ depending on the configuration and directory type.

To enable user activation:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Modules > Public > Modules > User Activation.

  5. Configure the following settings:

    Enable User Activation

    Enable this option allows users to activate their accounts by clicking Activate Account on the login page.

    Unlock User During Activation

    Enable this option to allow users to try to unlock their user accounts during activation. If true, and if the users' accounts are locked Self Service Password Reset unlocks the users' accounts.

    Token Send Methods

    Select a method for sending the token code to the user. The available methods include:

    • None: The system does not perform a token verification

    • Email Only: Send to email address

    • SMS Only: Send through SMS

    • Both: Send token to both email and SMS

    • Email First: Try to send token through email; if no email address is available, send through SMS

    • SMS First: Try to send token through SMS; if no SMS number is available, send through email

    Activate User Agreement Message

    Specify a message to display to users before they activate their account. You can include HTML tags in the message.

    If you leave this field blank, the system does not display the Activate User Agreement message.

    You can also configure this setting in a different language. Click Add Locale, then select the required language from the list.

    Activate User Form

    Specify the attributes Self Service Password Reset requires a user to provide during user activation.

    Activate Search Filter

    Specify a filter to find users during user activation. Include each attribute configured in Activate User Form in the search filter. Strings encoded with a percent sign (%) are replaced with values supplied by the user.

    For example, if Activate User Form includes cn and sn attributes, the filter is:

    (&(objectClass=person)(cn=%cn%)(sn=%sn%))
    Activation Permission

    Specify and LDAP filter that only allows Self Service Password Reset to active users who match this query. Generally, you only allow users who have never been authenticated and are not disabled to activate. The default example uses the last login time attributes on the user object to determine if the user has never logged in. It is the responsibility of the administrator to ensure this activation feature works correctly. Misconfiguration could potentially result in unintended activations occurring.

    Activation Actions (Before Password Change)

    Specify the actions that the system executes before the user configures a password post-activation. You can use macros. Specify a descriptive name for the action, then click OK to display the available options.

    Post-Activation Actions (After Password Change)

    Specify the actions that the system executes after users activate their accounts and set their initial passwords. You can use macros. Specify a descriptive name for the action, then click OK to display the available options.

  6. In the toolbar, click Save changes.