Password-reset self-service | | Password reset self-service in general. Migration hint Define a flow in User-Self-Service Settings >> Password Reset Flow. |
User verification: OTP via email | | To verify the user identity, send an OTP via email. The user types in OTP in the same browser session. Migration hint In the password reset flow use the E-Mail Identity Verification Step. |
User verification: Link via Email (AI-13448) | | To verify the user identity, send a link via email. The user clicks on the link. The verification may take place in a new browser session. The link may also originate from the Adminapp issued by the helpdesk. |
User verification: Secret questions | | To verify the user identity, ask for answers to secret questions. Migration hint In the password reset flow use the Secret Questions Identity Verification Step. |
User verification: mTAN/SMS | | To verify the user identity, send an OTP via SMS to the user and verify it (in the same browser session). Migration hint In the password reset flow, use the SMS Identity Verification Step. |
User verification: based on auth method | | Choose one of the above user verification types based on the user's current authentication method. Migration hint In the password reset flow, use a Selection Step for Password Reset with a condition involving the Active Authentication Method plugin. |
2nd-factor check Airlock 2FA | | Use Airlock 2FA as a 2nd-factor check in the password reset flow. Migration hint In the password reset flow, use the Airlock 2FA Factor Step. To select one of multiple 2nd-factor, use the Selection Step for Password Reset with a corresponding condition (e.g. Active Authentication Method). |
| | Use Cronto as a 2nd-factor check in the password reset flow. Migration hint In the password reset flow, use the Cronto Factor Step. To select one of multiple 2nd-factor, use the Selection Step for Password Reset with a corresponding condition (e.g. Active Authentication Method). |
| | Use mTAN (SMS) as a 2nd-factor check in the password reset flow. Migration hint In the password reset flow, use the mTAN Factor Step. To select one of multiple 2nd-factor, use the Selection Step for Password Reset with a corresponding condition (e.g. Active Authentication Method). |
| | Restrict the password reset feature to users with certain properties (e.g. locked users). Migration hint Use the property Restrictions in the Password Reset Flow plugin. |
Feedback if user does not exist (user enumeration protection) | | Configure feedback given to the end-user in the case that the specified user does not exist. This can be used to either enable or disable user enumeration protection. Migration hint Configure plugin Default Password Reset Restrictions in the property Restrictions in the Password Reset Flow plugin. |
| | Transform the user name provided by the end-user. Migration hint Use property Username Transformers in the Password Reset Flow plugin. |
| | The end-user must solve a CAPTCHA before being able to start the password reset flow. |
| | Option to let the user order a new password letter instead of setting a new password. Migration hint In the password reset flow, use the Password Letter Order Step (Password Reset) plugin. Combine it with a Selection Step for Password Reset to give the end-user a choice. |