keycloak-scim/docs/documentation/server_admin/topics/login-settings/forgot-password.adoc

48 lines
1.8 KiB
Text
Raw Normal View History

2016-05-16 21:01:21 +00:00
== Enabling forgot password
2016-05-16 21:01:21 +00:00
If you enable `Forgot password`, users can reset their login credentials if they forget their passwords or lose their OTP generator.
2016-05-16 21:01:21 +00:00
2021-02-11 20:45:00 +00:00
.Procedure
. Click *Realm settings* in the menu.
2021-02-11 20:45:00 +00:00
. Click the *Login* tab.
+
.Login tab
image:images/login-tab.png[Login Tab]
2021-02-11 20:45:00 +00:00
+
. Toggle *Forgot password* to *ON*.
+
A `Forgot Password?` link displays in your login pages.
+
.Forgot password link
image:images/forgot-password-link.png[Forgot Password Link]
+
. Specify `Host` and `From` in the *Email* tab in order for Keycloak to be able to send the reset email.
+
. Click this link to bring users where they can enter their username or email address and receive an email with a link to reset their credentials.
+
.Forgot password page
image:images/forgot-password-page.png[Forgot Password Page]
2016-05-16 21:01:21 +00:00
2021-02-11 20:45:00 +00:00
The text sent in the email is configurable. See link:{developerguide_link}[{developerguide_name}] for more information.
2016-05-16 21:01:21 +00:00
2021-02-11 20:45:00 +00:00
When users click the email link, {project_name} asks them to update their password, and if they have set up an OTP generator, {project_name} asks them to reconfigure the OTP generator. Depending on security requirements of your organization, you may not want users to reset their OTP generator through email.
2016-05-16 21:01:21 +00:00
To change this behavior, perform these steps:
2016-05-16 21:01:21 +00:00
2021-02-11 20:45:00 +00:00
.Procedure
. Click *Authentication* in the menu.
. Click the *Flows* tab.
. Select the *Reset Credentials* flow.
+
.Reset credentials flow
image:images/reset-credentials-flow.png[Reset Credentials Flow]
2021-02-11 20:45:00 +00:00
+
If you do not want to reset the OTP, set the `Reset - Conditional OTP` sub-flow requirement to *Disabled*.
. Click *Authentication* in the menu.
. Click the *Required actions* tab.
. Ensure *Update Password* is enabled.
+
.Required Actions
image:images/reset-credentials-required-actions.png[Required Actions]