We are all familiar with the “Forgot Password” capabilities of IdM on the End User Interface. This venerated function has been helping struggling users reset their passwords through a series of security questions/procedures. Flavors of this have been around since the early Waveset days.
But users will now find a “Forgot User ID” button next to it. This will help with the other half of the “I forgot” problem, and it has some unique characteristics.
As an implementer, you can turn this whole feature on or off. If on (the default), the user will be taken to a new user screen where they can enter a validating email address and one or more user attributes. Of course, you have complete control over which user attributes you collect through this screen to aid or screen the user.
Once submitted, Sun IdM will attempt to find a matching user (one only) and send a reset password message with the user ID to the indicated email address. The search has three possible results: no users found (the user is notified of invalid information), one user found (positive match: email the account ID and force a password reset), or more than one account returned (developer’s choice on what you want to do here). You can also create a User Correlation Rule to help sift through the possibilities.
A different “login group” can also be used to check more than one authoritative source when trying to identify the account that matches the user logging in. For example, while UserID is used to find the user in a company LDAP directory, you may want to first query the email system to see if the submitted email is valid for the company domain. This might get you more user attributes to help find the exact LDAP account.
Take a good look at the search code behind the new button; it shows a fairly sophisticated searching capability.
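The lookup flow described above (mail-system check, directory search, then the zero/one/many outcomes with an optional correlation rule), sketched in Python as an added example. It is not Sun IdM code: the sample data, the function names and the choice to reveal nothing on an ambiguous match are assumptions made for illustration.

```python
from enum import Enum

class Outcome(Enum):
    NOT_FOUND = "no users found"
    UNIQUE = "one user found"
    AMBIGUOUS = "more than one account returned"

# Constructed sample data, standing in for the two authoritative sources.
MAIL_SYSTEM = {  # email address -> attributes the mail system holds
    "jdoe@example.com": {"department": "Finance"},
    "jsmith@example.com": {"department": "IT"},
}
DIRECTORY = [  # stand-in for the company LDAP directory
    {"uid": "jdoe", "email": "jdoe@example.com", "lastname": "Doe", "department": "Finance"},
    {"uid": "jdoe2", "email": "jane.doe@example.com", "lastname": "Doe", "department": "Finance"},
    {"uid": "jsmith", "email": "jsmith@example.com", "lastname": "Smith", "department": "IT"},
]

def matches(entry, criteria):
    """True when every criterion equals the entry's value, ignoring case."""
    return all(str(entry.get(k, "")).lower() == str(v).lower()
               for k, v in criteria.items())

def email_correlation_rule(candidates, email):
    """Hypothetical correlation rule: keep entries whose email is the submitted one."""
    return [c for c in candidates if c["email"].lower() == email.lower()]

def forgot_user_id(email, attrs, rule=None):
    """Return (Outcome, uid); uid is set only for a single positive match."""
    # Source 1: is the submitted email known to the mail system at all?
    extra = MAIL_SYSTEM.get(email.lower())
    if extra is None:
        return Outcome.NOT_FOUND, None
    # Source 2: search the directory with submitted plus enriched attributes.
    # Submitted values win, so a wrong answer from the user still fails to match.
    criteria = {**extra, **attrs}
    candidates = [e for e in DIRECTORY if matches(e, criteria)]
    if len(candidates) > 1 and rule is not None:
        candidates = rule(candidates, email)
    if not candidates:
        return Outcome.NOT_FOUND, None
    if len(candidates) == 1:
        return Outcome.UNIQUE, candidates[0]["uid"]
    # Assumed policy for this example: reveal nothing on an ambiguous match.
    return Outcome.AMBIGUOUS, None
```

Without a correlation rule, the two “Doe” entries in Finance collide and the lookup stops at the ambiguous outcome; passing `email_correlation_rule` narrows it to the single account whose directory email matches the submitted one.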