keycloak-scim/docs/documentation/server_admin/topics/login-settings/forgot-password.adoc


[[enabling-forgot-password]]
== Enabling forgot password

If you enable `Forgot password`, users can reset their login credentials if they forget their passwords or lose their OTP generator.

.Procedure
. Click *Realm settings* in the menu.
. Click the *Login* tab.
+
.Login tab
image:images/login-tab.png[Login Tab]
+
. Toggle *Forgot password* to *ON*.
+
A `Forgot Password?` link displays in your login pages.
+
.Forgot password link
image:images/forgot-password-link.png[Forgot Password Link]
+
. Specify `Host` and `From` in the *Email* tab in order for Keycloak to be able to send the reset email.
+
. Click this link to bring users where they can enter their username or email address and receive an email with a link to reset their credentials.
+
.Forgot password page
image:images/forgot-password-page.png[Forgot Password Page]

The text sent in the email is configurable. See link:{developerguide_link}[{developerguide_name}] for more information.

When users click the email link, {project_name} asks them to update their password, and if they have set up an OTP generator, {project_name} asks them to reconfigure the OTP generator.  Depending on security requirements of your organization, you may not want users to reset their OTP generator through email. 

To change this behavior, perform these steps:

.Procedure
. Click *Authentication* in the menu.
. Click the *Flows* tab.
. Select the *Reset Credentials* flow.
+
.Reset credentials flow
image:images/reset-credentials-flow.png[Reset Credentials Flow]
+
If you do not want to reset the OTP, set the `Reset - Conditional OTP` sub-flow requirement to *Disabled*.
. Click *Authentication* in the menu.
. Click the *Required actions* tab.
. Ensure *Update Password* is enabled.
+
.Required Actions
image:images/reset-credentials-required-actions.png[Required Actions]
forgot password 2016-05-16 21:01:21 +00:00
Adding missing explicit IDs for cross-references Closes #27316 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> 2024-02-27 16:32:51 +00:00			`[[enabling-forgot-password]]`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`== Enabling forgot password`
forgot password 2016-05-16 21:01:21 +00:00
Extend documentation for password reset. (#1796) 2023-03-13 10:17:41 +00:00			If you enable `Forgot password`, users can reset their login credentials if they forget their passwords or lose their OTP generator.
forgot password 2016-05-16 21:01:21 +00:00
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`.Procedure`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`. Click Realm settings in the menu.`
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`. Click the Login tab.`
			`+`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`.Login tab`
Preparing Server Admin Guide for RHBK (#1690) Closes #1688 2022-10-05 18:43:15 +00:00			`image:images/login-tab.png[Login Tab]`
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`+`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`. Toggle Forgot password to ON.`
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`+`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			A `Forgot Password?` link displays in your login pages.
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`+`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`.Forgot password link`
Preparing Server Admin Guide for RHBK (#1690) Closes #1688 2022-10-05 18:43:15 +00:00			`image:images/forgot-password-link.png[Forgot Password Link]`
Extend documentation for password reset. (#1796) 2023-03-13 10:17:41 +00:00			`+`
			. Specify `Host` and `From` in the Email tab in order for Keycloak to be able to send the reset email.
			`+`
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`. Click this link to bring users where they can enter their username or email address and receive an email with a link to reset their credentials.`
			`+`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`.Forgot password page`
Preparing Server Admin Guide for RHBK (#1690) Closes #1688 2022-10-05 18:43:15 +00:00			`image:images/forgot-password-page.png[Forgot Password Page]`
forgot password 2016-05-16 21:01:21 +00:00
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`The text sent in the email is configurable. See link:{developerguide_link}[{developerguide_name}] for more information.`
forgot password 2016-05-16 21:01:21 +00:00
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`When users click the email link, {project_name} asks them to update their password, and if they have set up an OTP generator, {project_name} asks them to reconfigure the OTP generator. Depending on security requirements of your organization, you may not want users to reset their OTP generator through email.`
forgot password 2016-05-16 21:01:21 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`To change this behavior, perform these steps:`
forgot password 2016-05-16 21:01:21 +00:00
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`.Procedure`
			`. Click Authentication in the menu.`
			`. Click the Flows tab.`
			`. Select the Reset Credentials flow.`
			`+`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`.Reset credentials flow`
Preparing Server Admin Guide for RHBK (#1690) Closes #1688 2022-10-05 18:43:15 +00:00			`image:images/reset-credentials-flow.png[Reset Credentials Flow]`
Reapply login settings topics 2021-02-11 20:45:00 +00:00			`+`
fix documentation for resetting OTP in "reset credentials" flow (#26834) The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled. Fixex #26834 Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com> 2024-02-07 10:51:21 +00:00			If you do not want to reset the OTP, set the `Reset - Conditional OTP` sub-flow requirement to Disabled.
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`. Click Authentication in the menu.`
Extend documentation for password reset. (#1796) 2023-03-13 10:17:41 +00:00			`. Click the Required actions tab.`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`. Ensure Update Password is enabled.`
			`+`
			`.Required Actions`
Preparing Server Admin Guide for RHBK (#1690) Closes #1688 2022-10-05 18:43:15 +00:00			`image:images/reset-credentials-required-actions.png[Required Actions]`