The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains an account unlock feature with the Password Reset page.
Notice
This configuration option can unlock a user account, but it does not display the account's current status on the Account Unlock page. Instead, it shows that the user account is "normal".
To view the account's current status (like normal, locked, and so on) before and after unlocking the account on the Account Unlock page, see Unlock Account (show status) page configuration.
There are three password reset mode methods:
Enforce mode – Useful for most Active Directory and LDAP use cases. This mode enforces password history requirements like not using a previous password or does not allow frequent password updates.
Administrative mode – Useful for SQL-type data stores, in a Help Center environment, and if your data store supports password history checks.
Administrative mode with history check – Useful for SQL-type data stores, in a Help Center environment, and if your data store does not support password history checks.
Data store with service account set with write privileges to modify (needed to change user account statuses)
A realm for the Account Unlock page with the following tabs configured before setting up the Post Authentication tab:
Overview
Data
Workflow
Multi-Factor Methods
You can allow end users to unlock their account or have administrators unlock user accounts in the Help Desk.
In the Forms Auth/SSO Token section, you can optionally configure the token or cookie settings, and single-sign on (SSO) for this realm.
To configure token or cookie settings, see Configure token or cookie settings.
To configure this realm for SSO, see SecureAuth IdP single sign-on configuration topic.
To configure this realm for Windows Desktop SSO, see Windows desktop SSO configuration topic.