Access Manager: Resetting a Forgotten Password

system
This article is marked as obsolete.

End users can easily reset their passwords through the main portals, this artcle describes how simple it is to do so using the web-portal as the main example.

 

Password Reset Access Options

Password reset can be carried out across all three interfaces:

  • Web-portal
  • Mobile app
  • Windows desktop integration

The steps for each are identitical except for which authentication factors are requested, this all depends on how the administrator has configured authentication across the system; whether the same authentication flow is across all three interfaces or each has their own individual authentication flow.

The remainder of this article details the web-portal and where neccessary provides some examples of mobile and desktop password reset.

 

The Process

Access to the system and carrying out any self service function follow a few simple steps:

  1. Select Action
  2. User Identificaton
  3. User authentication
  4. Self service action

The final step merely indicates that the requested action is then available. The remaining steps are detailed next.

 

Select Password Reset Action

The password reset action can be found by selecting Forgotten My Password from the web-portal:

 

From the Mobile app:

 

 

The first item from the Desktop component under the login prompt titled, Forgotten your Password?:

 

Step 1: Identification

As with most systems the username is the means by which a user identifies him/herself and Nervepoint Access Manager is no different.

 

Step 2: Authentication

With the username entered the next step requires the user validate that he/she is the owner of the identity through a number of authentication steps. Depending on the number of authentication factors configured by the admin this could be 1 or several steps. The example below shows an authentication statge consisting of two steps.

Captcha Authentication

 

Passphrase Authentication

 

Step 3: Set New Password

With authentication successful the final steps is to define a new password. If the user is linked to multiple accounts they can select if the reset should be applied to all accounts or a specific one.

 

If the connecting backend user datastore has a password policy defined it will be visible on this page so that end users can make sure their new passwords follow the required complexity rules.

 

Step 4: Password Changed and Notification Sent

With the new password set Nervepoint Access Manager sets the password and sends out an email notification to the end user confirming the action carried out.

 

If any stage Nervepoint Access Manager finds an issue it will be highlighted in the above summary.

A successful password reset via Desktop does not provide a summary instead a dialog is visible on success or failure as shown below.

 

An email will have been sent to the end user and the new password active immediately.