Overview
This rule defines the questions, answers, and associated settings needed for users to reset forgotten passwords and unlock their accounts through the Cayosoft Administrator Self-Service Portal.
For details, please see Configuration of Self-Service password & profile management – Cayosoft Help Center.
Self-Service - Password Self-Service Enrollment Details web action settings
Action section
Setting name | Description |
---|---|
Password to encrypt data in AD | Specify the password used to encrypt the data that users enter in the Cayosoft Administrator Self-Service Portal. This data is stored encrypted in the accountNameHistory attribute. When a user resets the password or unlocks the account, the Cayosoft Administrator service needs the data the user provided to perform the reset or unlock operation, and it uses the specified password to decrypt it. If the password is not specified, user data will be encrypted with the default password. If you have replication configured, you need to specify the password only on the Publisher; it will be replicated to the subscriber automatically on the next replication rule execution. Important: the encrypted data cannot be restored without the password, so if you change the password, all existing data will be lost. |
Minimum answer length (characters) | Specify the minimum number of characters for answers to the questions used for Self-Service enrollment. |
Number of questions to enroll | Select the number of questions (from 1 to 5) that the user must answer for Self-Service enrollment. |
Number of questions to authenticate | Select the number of questions that the user must answer to reset the password or unlock the account. |
Questions1 - Questions5 | Specify the list of questions. |
Enable question shared with the Help Desk | When the shared question is enabled, the user is asked to answer one additional question during enrollment. The selected question and the answer provided by the user are stored using reversible encryption. The question and answer are also displayed in clear text in the Web Interface to a delegated Help Desk person on the Validate User command form. |
Question shared with the Help Desk | Specify the list of questions that will be shared with the Help Desk. |
More Options | |
Password complexity description | By default, the password complexity description is taken from the same setting in the Active Directory extension's Password Generation Options section. You can define custom text for this web action. |
Show/hide answers | Select whether to hide or show the answers to questions as the user types them. |
Show/hide password | Select whether to hide or show the password as the user types it. |
Enforce password domain policies | Specify whether to enforce the password domain policies for the Change my password web action in Self Service and for the I forgot my password link on the login page. Password domain policies include password history, password age, length, and domain complexity requirements. |
Account lockout invalid attempts | Specify the number of failed answer attempts that cause a user account to be locked out. |
Account lockout period (minutes) | Specify the number of minutes that must elapse after a failed answer attempt before a user can try again to answer the questions. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Change History
Version | Notes |
---|---|
8.3.1 | New settings are added: |
7.0.0 | Enforce domain password policies setting is added. |