Get Password Reset settings
GET/api/web/v1/settings/passwordreset
Get the password reset settings. Caller requires the SETTINGS:VIEW permission.
Responses
- 200
- 400
- 401
- 403
- 404
- 409
Successful
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Flag indicates if ignore ip address for rba will be allowed or not.
Possible values: [MACHINE
, PASSWORD
, EXTERNAL
, KBA
, TEMP_ACCESS_CODE
, OTP
, GRID
, TOKEN
, TOKENPUSH
, FIDO
, SMARTCREDENTIALPUSH
, PASSWORD_AND_SECONDFACTOR
, SMART_LOGIN
, IDP
, PASSKEY
, IDP_AND_SECONDFACTOR
, USER_CERTIFICATE
, FACE
]
The list of second factor authenticator types that can be used during a password reset operation.
For a KBA authenticator, it is the number of questions that the user must answer--not supported if these settings are part of a Group Policy (not the Global Policy).
Indicates whether an email should be sent to notify the user account has been locked, unlocked, or an attempt of unlock has occurred.
Indicates if OTP can be sent to email.
Indicates whether password reset is enabled.
groups
object[]
deprecated
Groups that can perform a password reset operation--not supported if these settings are part of a Group Policy (not the Global Policy).
When the group was created.
The externalId of this group.
The UUID of this group. This value is generated when the group is created.
When the group was last modified.
The name of this group.
Possible values: [LDAP_AD
, MGMT_UI
]
The type of group indicating if this group was synchronized from a directory (LDAP_AD) or was created in Identity as a Service (MGMT_UI).
Indicates whether two forms of second factor authentication must be completed before a password reset operation can be done.
Indicates whether the user account should be unlocked after a password reset operation is completed.
Indicates the version of this model.
For a KBA authenticator, it is the number of questions that the user could answer incorrectly and still be considered a valid response--not supported if these settings are part of a Group Policy (not the Global Policy).
{
"allowIgnoreIpAddressForRba": true,
"authenticators": [
"OTP",
"TOKEN"
],
"emailAccount": false,
"emailOtpEnabled": true,
"enabled": true,
"twoSecondFactorRequired": true,
"unlockAccount": false,
"version": 1
}
Bad Request
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Access denied
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Forbidden
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Not Found
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Conflict
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}