3.12 Configuring Token Settings

SSPR sends tokens through email and SMS for secure user authorization. You can configure SSPR to send a random token in different scenarios, such as new user registration and forgotten password recovery. For example, when users try to reset their passwords, SSPR prompts them to answer their challenge-response questions and then sends a token by email or SMS to the email address or phone number specified by the user. The user enters this token into the Password Change form. When the entered token matches the token sent by SSPR, the user's password is changed.

SSPR also sends tokens for new user registration confirmation.

You can configure the storage method used to save tokens. SSPR supports the following methods:

LocalDB: Use this method to store tokens in the local embedded LocalDB database. If you select this method, tokens do not work across multiple application instances.

DB: Use this method to store tokens in a configured, remote database. If you select this method, tokens work across multiple application instances.

Crypto: Use this method to create and read tokens. Tokens are not stored locally and work across multiple application instances if the instances have the same security key.

NOTE: When you select Crypto, ensure that you have configured a security key. Otherwise, tokens do not work. For more information about how to configure a security key, see Section 3.9, Configuring Security Settings.

LDAP: Use this method to store tokens in the LDAP directory. Tokens work across multiple application instances. You cannot use LDAP tokens as new user registration tokens.

The system generates tokens by using the length and character configuration options (except when using the Crypto method). When you use the Crypto method, tokens are longer.
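The difference between a stored token and a Crypto-style token, as an added example that is not SSPR's code or its token format: it shows why a stateless token is longer, why every instance needs the same security key, and how the maximum lifetime is enforced without a database lookup. The page does not describe how SSPR builds Crypto tokens, so the HMAC-SHA256 construction, function names, claim fields and keys below are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, string

MAX_LIFETIME = 3600  # seconds; mirrors the documented one-hour default

def stored_token(chars=string.ascii_uppercase + string.digits, length=8):
    """Stored-method style token: random, meaningless without a server-side record."""
    return "".join(secrets.choice(chars) for _ in range(length))

def issue_crypto_token(key, user, purpose, now):
    """Stateless token: claims travel inside it, authenticated with the shared key."""
    claims = json.dumps({"u": user, "p": purpose, "iat": now}, sort_keys=True).encode()
    tag = hmac.new(key, claims, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + claims).decode()

def verify_crypto_token(key, token, purpose, now):
    """Return the user if the token is authentic, unexpired and for this purpose."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # malformed base64
        return None
    tag, claims = raw[:32], raw[32:]
    expected = hmac.new(key, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong key or tampered claims
        return None
    data = json.loads(claims)
    if data["p"] != purpose or not 0 <= now - data["iat"] <= MAX_LIFETIME:
        return None
    return data["u"]

if __name__ == "__main__":
    shared = b"constructed-demo-key-not-a-real-secret"   # same on instances A and B
    other = b"constructed-key-of-a-misconfigured-node"   # instance C
    t = issue_crypto_token(shared, "jdoe", "forgotten-password", now=1_000)  # instance A
    print(len(stored_token()), len(t))  # Crypto-style token is much longer
    print(verify_crypto_token(shared, t, "forgotten-password", now=1_060))   # instance B
    print(verify_crypto_token(other, t, "forgotten-password", now=1_060))    # instance C
    print(verify_crypto_token(shared, t, "forgotten-password", now=4_601))   # expired
    print(verify_crypto_token(shared, t, "new-user-registration", now=1_060))
```

An instance with a different key rejects every token issued elsewhere, which is the failure the NOTE about configuring a security key describes.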

To configure token settings, perform the following steps:

  1. In Configuration Editor, click Settings > Tokens.

  2. Configure the following settings:

    Token Storage Method: Select a method to store tokens.

    Token Characters: Specify the characters you want to include in the token.

    Token Length: Specify the length of the token.

    Token Maximum LifeTime: Specify the time in seconds for which a token is valid. The default value is one hour.

    Token LDAP Attribute Name: Specify a name for the LDAP attribute token. When using the LDAP token storage method, this attribute is used to store and search for tokens.

  3. Click Actions > Save.