Password management in the IAM Adminapp

The Password Token Controller plugin is used to enable password management for administrators and the help desk in the Adminapp and the Admin REST API.

Adminapp - menu Users, tab Password


  1. To enable the password management (Adminapp web UI and REST API), do the following:
  2. Go to:
    Adminapp >> Users
  3. Add the plugin Password Token Conroller to the list in property Authentication Tokens.
  4. In the plugin, connect the relevant Password Settings. In the Password Settings plugin, especially note the properties in group Password Management in Admintool.
  5. Configure the other properties as required. See below for selected features and refer to the documentation in the Config Editor.
  6. Make sure the access control settings for password management are set as required: Adminapp >> Access Control >> Password Management

Trigger password reset email

With the Password Token Controller, the helpdesk user may send an email to the end-user to set a new password (or start any other public self-service). If the feature is enabled, the button Send reset email (see screenshot above) is displayed.

  1. To use the feature:
  2. Go to:
    Adminapp >> Users >> Authentication Tokens >> Password Token Controller
  3. Configure a plugin in property Password Reset Self Service:
    • For the Loginapp REST API and UI, use the Flow-Based Password Reset plugin in conjunction with a corresponding public self-service flow (flow continuation concept). See links below for more information.
    • For the JSP-Loginapp use the Email Verification (Password Reset) plugin.