Enable self-service password handling in Digital Access

This article is valid for Digital Access 6.2 and later.

This article describes how Smart ID Digital Access component is set up so that end users can change and/or reset their own password. This can be used when passwords are about to expire, already have expired or when an end user have forgotten their password.

Prerequisites

A license that enables self-service password reset is available.
Notification channels are set up, see Set up email or sms notification channel in Digital Access.
An authentification method with password is set up, see Set up authentication method in Digital Access.
A user with account operator rights in the Active Directory (AD) or openLDAP is set up. This user can change and reset AD and openLDAP passwords.
The AD has activated LDAPS.

Step by step instruction

Log in to Digital Access Admin

Log in to Digital Access Admin with an administrator account.

Configure user storage

If a user storage shall be used to store users, a certificate authority must be added before the user storage is configured, see Add certificates in Digital Access.

In Digital Access Admin, go to Manage Accounts and Storage.
Click Certificate > Add Certificate Authority...
Select Microsoft Active Directory and click Next.
Enter general settings, see example below.

Example: Settings for user storage

Display Name:AD-users
Host: ad.nexustest.com
Secondary host: (if needed)
Port: 636
Account:HAG_accountoperator
Password: Password for the account
Timeout: 15
Check Use SSL.
Check Password change enabled.
Check Password reset enabled.
Click Next.

Enable end-user password reset

In Digital Access Admin, go to Manage Accounts and Storage.
Click Self Service > Password Reset.
Check Enable End User Password Reset.
Enter settings for the password. For help, click the ?-sign.

Example: Password settings

Reset code validity: 15
Reset code length: 6
Reset code characters: (enter allowed characters in reset code)
Enter SMS and mail messages if applicable.
Check Enable Time Locking of password reset requests.
Enter settings for time locking.

Example: Settings for time locking

Time Lock Time-out: 120
Time Lock Limit: 3
Click Save.

Related information

Links

How to activate LDAPS