8.12 Sending Notifications for Expiring Passwords

Self Service Password Reset has the ability to send emails to users warning them their passwords are about to expire. In Self Service Password Reset 4.4 or later, you can use an LDAP director or a remote database to send the password expiration notifications. Prior release of Self Service Password Reset only supported an external database.

To enable these email notifications for your users, you must properly configure Self Service Password Reset to enable and send the password expiration notifications. Use the following information to configure Self Service Password Reset to send the email notifications.

8.12.1 Configuring Self Service Password Reset for Password Expiration Notifications

The steps for configuring Self Service Password Reset for password expiration notification are different depending on if you store the users’ information on a remote database or an LDAP directory Use the following information to configure password exploration notifications.

Configuring Self Service Password Reset for Password Expiration Notifications with a Remote Database

If you use a remote database to store the users’ information for Self Service Password Reset, you must use the following steps to configure password expiration notifications for users.

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Password Expiration Notification > Storage Mode.

  5. Select Remote Database.

  6. Click Settings > Application > Session Management > Node Service Enabled.

  7. Select Enabled (True).

  8. Click Settings > Application > Session Management > Node Service Storage Mode.

  9. Select Remote Database.

  10. Click Save changes.

  11. Configure the email password notification settings in the Configuration Editor. For more information, see Enabling the Emails for Password Expiration Notifications.

Configuring Self Service Password Reset for Password Expiration Notifications with an LDAP Directory

If you use an LDAP directory to store the users’ information for Self Service Password Reset, you must use the following steps to configure password expiration notifications for users.

  1. (Conditional) If you have upgraded to Self Service Password Reset 4.4, ensure that you extend the schema. For more information, see Configuring the LDAP Directories in the Self Service Password Reset 4.8 Installation Guide.

  2. Ensure that you have a functional LDAP test user configured. For more information, see Configuring LDAP Directory Profile.

  3. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  4. In the toolbar, click your name.

  5. Click Configuration Editor.

  6. Click Settings > Password Expiration Notification > Storage Mode.

  7. Select LDAP Directory,

  8. Click Settings > Application > Session Management > Node Service Enabled.

  9. Select Enabled (True).

  10. Click Settings > Application > Session Management > Node Service Storage Mode.

  11. Select LDAP Directory.

  12. Click Save changes.

  13. (Conditional) If you do not want to use the default attribute of pwdData to store the user data, you can use on the of the other attributes in your LDAP directory. To change the default attribute:

    1. In the toolbar, click your name.

    2. Click Configuration Editor.

    3. Click LDAP > LDAP Directories > default > User Attributes > Application Data Attribute.

    4. Click Add Value.

    5. Specify the appropriate attribute, then click OK.

    6. Click Save changes.

  14. Configure the email password notification settings in the Configuration Editor. For more information, see Enabling the Emails for Password Expiration Notifications.

8.12.2 Enabling the Emails for Password Expiration Notifications

After you have configured Self Service Password Reset to use a remote database or an LDAP directory for password expiration notification, you must configure the setting to send the emails to the users. Use the following steps to send password expiration notifications to your users.

  1. Ensure that you have enabled email notifications in the Configuration Editor. For more information, see Configuring Email Notification Settings.

  2. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  3. In the toolbar, click your name.

  4. Click Configuration Editor.

  5. Click Settings > Password Expiration Notification.

  6. Enable this option, define one or more filters to find the users that will receive the notification emails, and then define when to send the email.

  7. Click Settings > Email > Email Templates > Password Expiration Notification Email.

  8. Define the content of the email template that your users receive when their passwords are about to expire.

  9. In the toolbar, click Save changes, then close the Configuration Editor.

8.12.3 Verifying the Password Expiration Notification Configuration

After you have configured Self Service Password Reset for password expiration notifications, you can verify that the configuration is working. You can view the job that runs that sends the emails to your users.

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click the Home.

  3. On the Home page, click Administration.

  4. Click Data Analysis > Directory Reporting > Report Engine Status.

  5. Click Start to view the report.

  6. Click Summary to view the information about the job that ran to send the emails to the users.

  7. (Conditional) If you are using a remote database and you have clustered Self Service Password Reset, ensure the password notification service runs on the master node of the cluster.