Complete this procedure to enable users to reset their password during authentication.
Configure password reset
1. Click > Policies > Authenticators. The Authenticators page appears.
2. Select Password Reset. The Password Reset settings appear.
3. Select Enable Forgot Password to enable users to reset their password during authentication.
Note: You must also modify your Identity as a Service resource rules to enable password reset. See Manage password reset for more information.
4. From the Second Factor Authenticators Allowed to perform a Password Reset list, select the second-factor authentication methods. Note the following when selecting second-factor authenticators:
a. Drag and drop the selected authentication methods in order of preference.
b. Users resetting their password are prompted to complete the authentication challenge at the top of the list before being able to reset their password.
c. If the user does not have that type of authenticator, they are prompted to use the next authenticator on the list.
d. If they do not have any of the authenticators on the Second Factor Authenticators Allowed to perform a Password Reset list, they cannot reset their password.
Note: Selecting Temporary Access Code as an allowed authenticator only enables completing a Temporary Access Code authentication challenge to perform a password reset. Temporary Access Codes cannot be used to complete a Grid Card, OTP, or Token challenge that is required before resetting a password.
5. Optional: Select Additional second-factor.
Users must complete a second-factor authentication challenge before they can reset their password. If you select Should we ask for an additional second-factor when resetting a password?, the user must complete two of the second-factor authentication challenges from the second-factor list.
Attention: While Password Reset requires only one second-factor authenticator, Entrust recommends that you select this option to require that users provide two second-factor authenticators when resetting their password. In addition, the password reset second-factor policy does not apply to the Entrust Identity mobile app. For more information on the Entrust Identity mobile app, see https://www.entrust.com/resources/identity-and-access-management/support/entrust-identity-app.
6. Select Unlock User Account to unlock the user's account and prompt the user to optionally reset their password.
7. Select Send user account lock/unlock email notification to send an email to users when there is a password lock, unlock, or unlock attempt on their account.
8. Select Allow Email OTP delivery to send an OTP to a user's email address. If deselected, the user receives the OTP by SMS or VOICE.
9. Select Do not use IP Address for Resource Rule Risk Factors if you only want to use the IP address for Audits but not for the resource rule risk conditions.
Note: This setting appears only if you select One Time Password as a second-factor allowed for password reset.
10. Click Save.
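The selection rules in steps 4 and 5 (preference order, first authenticator the user holds, optional second challenge, and the Temporary Access Code restriction) are easier to reason about as a small model. The following Python is an added illustration written for this page, not Identity as a Service code; the class names, the `required_challenges` function and the sample users are assumptions, and the behaviour where a user holds fewer authenticators than the policy demands (treated here as "cannot reset") is an inference from the text rather than something the page states.

```python
"""Illustrative model of the password-reset second-factor policy described above.

Assumptions (not from the product): authenticator names are compared exactly, so a
Temporary Access Code only ever satisfies a Temporary Access Code challenge, and a
user who holds fewer matching authenticators than the policy requires cannot reset.
"""
from dataclasses import dataclass
from typing import Optional

# Authenticator names as they appear in the policy UI.
GRID = "Grid Card"
OTP = "One Time Password"
TOKEN = "Token"
TAC = "Temporary Access Code"


@dataclass(frozen=True)
class PasswordResetPolicy:
    """Hypothetical representation of the settings chosen in steps 3 to 5."""
    forgot_password_enabled: bool                 # step 3
    allowed_in_preference_order: tuple            # step 4, top of list first
    require_additional_second_factor: bool = False  # step 5


def required_challenges(policy: PasswordResetPolicy,
                        user_authenticators: set) -> Optional[list]:
    """Return the ordered challenges a user must pass to reset, or None if they cannot.

    Walks the administrator's preference order and keeps each authenticator the user
    actually holds; the first match is the challenge prompted first, the next match is
    the fallback (or the second challenge when step 5 is enabled).
    """
    if not policy.forgot_password_enabled:
        return None
    needed = 2 if policy.require_additional_second_factor else 1
    # Exact-name matching: a TAC cannot complete a Grid Card, OTP or Token challenge.
    matching = [a for a in policy.allowed_in_preference_order if a in user_authenticators]
    if len(matching) < needed:
        return None  # assumption: no reset when the user lacks enough listed authenticators
    return matching[:needed]


def explain(policy: PasswordResetPolicy, user_authenticators: set) -> str:
    """Human-readable summary, useful when reviewing a policy against enrolment data."""
    challenges = required_challenges(policy, user_authenticators)
    if challenges is None:
        return "reset not possible with the authenticators this user holds"
    return "must complete: " + " then ".join(challenges)


if __name__ == "__main__":
    # Constructed sample policy and users for demonstration only.
    policy = PasswordResetPolicy(True, (GRID, OTP, TAC), require_additional_second_factor=True)
    for name, held in {"alice": {OTP, TAC}, "bob": {TAC}, "carol": {TOKEN}}.items():
        print(f"{name}: {explain(policy, held)}")
```

The single-factor policy lets a user with only an OTP reset; switching on the additional second factor, as the Attention note recommends, means the same user also needs a second listed authenticator, and a user holding only a Temporary Access Code cannot satisfy a Grid Card or OTP challenge.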