keycloak-scim/server_admin/topics/login-settings/forgot-password.adoc
2021-09-21 08:58:46 +02:00

41 lines
1.5 KiB
Text

=== Forgot Password
If you enable `Forgot Password`, users can reset their login credentials if they forget their password or lose their OTP generator.
.Procedure
. Click *Realm Settings* in the menu.
. Click the *Login* tab.
+
.Login Tab
image:{project_images}/login-tab.png[Login Tab]
+
. Toggle the *Forgot Password* switch to *ON*.
A `forgot password` link displays in your login pages.
.Forgot Password Link
image:{project_images}/forgot-password-link.png[Forgot Password Link]
Click this link to bring users where they can enter their username or email address and receive an email with a link to reset their credentials.
.Forgot Password Page
image:{project_images}/forgot-password-page.png[Forgot Password Page]
The text sent in the email is configurable. See link:{developerguide_link}[{developerguide_name}] for more information.
When users click the email link, {project_name} asks them to update their password, and if they have set up an OTP generator, {project_name} asks them to reconfigure the OTP generator. Depending on security requirements of your organization, you may not want users to reset their OTP generator through email.
To change this behavior:
.Procedure
. Click *Authentication* in the menu.
. Click the *Flows* tab.
. Select the *Reset Credentials* flow.
+
.Reset Credentials Flow
image:{project_images}/reset-credentials-flow.png[Reset Credentials Flow]
+
If you do not want to reset the OTP, set the `Reset OTP` requirement to *Disabled*.
. Click the *Required Actions* tab. Ensure _Update Password_ is enabled.