Forgot Username page configuration
The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains the Forgot Username page for end users to retrieve forgotten user IDs.
The Forgot Username page allows end users to give information associated with their data store account to get their username to log in to a protected resource.
Each protected resource page can include a Forgot Username URL link that appears on the login page for the resource. Clicking the link redirects the end user to the Forgot Username page. They enter their information in a defined field like email address, or phone number to confirm the account identity.
Upon validation of the account identity, it sends an email containing the username to the user.
Prerequisite
A realm for the Forgot Username page with the following tabs configured before setting up the Post Authentication tab:
Overview
Data
Workflow
Multi-Factor Methods
Data store configuration
To configure the Forgot Username page, go to the configuration section appropriate for your data store.
Notice
The configuration uses Active Directory integration and its common data fields as an example. The settings are not universal for other LDAP-type data stores, but can be used as a reference.
Go to the Data tab.
In the Membership Connection Settings section, set the following:
Search Attribute
Set to the data store attribute used to retrieve the user ID.
This is the forgotten username provided to the user when they authenticate the forgotten username request.
searchFilter
Change the search filter to accept the user's email address on the initial login page (instead of the username).
This corresponds to the data store field containing the email address. For example, (&( mail =%v)(objectclass=*))
Save your changes.
Change SQL stored procedures
Notice
The configuration uses a SQL data store integration and its common properties as an example. The settings are not universal for other SQL-type data stores (like Oracle, ASP.net, ODBC and others), but can be used as a reference.
To configure a Forgot Username page with an ASP.net data store, see the ASP.net configuration section at the end.
In the SQL data store, you need to create new SQL stored procedures specific to the Forgot Username page. Using the SQL user data store tables and stored procedures configuration provided by SecureAuth, we're going to use email (or another preferred property) as the user ID.
This helps differentiate the stored procedure from the others that employ the username as the user ID.
In the stored procedure name sp_GetUser, replace this with a friendly name like sp_GetUserByEmail.
In the stored procedure line WHERE UserName =@UserName, replace UserName with Email1.
For example, WHERE Email1 = @UserName.
See the following code as an example.
CREATE PROC [dbo].[sp_GetUserByEmail] @UserName VARCHAR(60) AS BEGIN SELECT [UserName] ,ISNULL([GroupList], '') ,ISNULL([PwdLastSet],'1/1/1900') ,ISNULL([AccountStatus], '') FROM UserTable WHERE Email1 = @UserName ENDRepeat this for the following stored procedures, with unique, friendly names:
Get User (new name: GetUserByEmail)
Get Profile (new name: GetProfileByEmail)
Update Profile (new name: UpdateProfileByEmail)
Validate or Get Password: Change only if the user must give a password in the workflow to retrieve a forgotten username. (new name: ValidatePasswordByEmail or GetPasswordByEmail)
See the updated Get User stored procedure as an example shown next.
CREATE PROC [dbo].[sp_GetProfileByEmail] @UserName VARCHAR(60) AS BEGIN SELECT UserName ,IsNull(FirstName, '') FirstName ,IsNull(LastName, '') LastName ,IsNull(Phone1, '') Phone1 ,IsNull(Phone2, '') Phone2 ,IsNull(Phone3, '') Phone3 ,IsNull(Phone4, '') Phone4 ,IsNull(Email1, '') Email1 ,IsNull(Email2, '') Email2 ,IsNull(Email3, '') Email3 ,IsNull(Email4, '') Email4 ,IsNull(AuxID1, '') AuxID1 ,IsNull(AuxID2, '') AuxID2 ,IsNull(AuxID3, '') AuxID3 ,IsNull(AuxID4, '') AuxID4 ,IsNull(AuxID5, '') AuxID5 ,IsNull(AuxID6, '') AuxID6 ,IsNull(AuxID7, '') AuxID7 ,IsNull(AuxID8, '') AuxID8 ,IsNull(AuxID9, '') AuxID9 ,IsNull(AuxID10, '') AuxID10 ,IsNull(pinHash, '') pinHash ,IsNull(Questions, '') Questions ,IsNull(Answers, '') Answers ,IsNull(ChallengeQuestion, '') ChallengeQuestion ,IsNull(ChallengeAnswer, '') ChallengeAnswer ,IsNull(CertResetDate, '1/1/1900') CertResetDate ,IsNull(CertCount, 0) CertCount ,IsNull(CertSerialNumber, '') CertSerialNumber ,IsNull(MobileResetDate, '1/1/1900') MobileResetDate ,IsNull(MobileCount, 0) MobileCount ,IsNull(ExtSyncPwdDate, '1/1/1900') ExtSyncPwdDate ,IsNull(HardwareToken, '') HardwareToken ,IsNull(iOSDevices, '') iOSDevices ,IsNull(OATHSeed, '') OATHSeed ,IsNull(OneTimeOATHList, '') OneTimeOATHList ,IsNull(GroupList, '') GroupList FROM UserTable WHERE Email1 = @UserName SELECT DigitalFP FROM UserFP WHERE Email1 = @UserName SELECT PNToken FROM UserPN WHERE Email1 = @UserName SELECT AccessHistory FROM UserAccessHistory WHERE Email1 = @UserName SELECT OATHToken FROM UserOT WHERE Email1 = @UserName END GO
Identity Platform configuration for SQL data store
Go to the Data tab.
In the Membership Connection Settings section, set the two fields to the friendly user name used in the updated SQL stored procedures. This is specific to the changed Get User stored procedure.
For example, set Get User SP to GetUserByEmail
For example, set Validate/Get Password SP to GetPasswordByEmail
Complete this step only if the user must provide a password in the login workflow on the Forgot Username page. In the Profile Connection Settings section, set the two fields to the friendly user name used in the updated SQL stored procedures. This is specific to the change Get User Profile and Update User Profile stored procedures.
For example, set Get Profile SP to GetProfileByEmail
For example, set Update Profile SP to UpdateProfileByEmail
ASP.net configuration
Complete the following steps for using an ASP.net data store with the Forgot Username page.
Identity Platform versions 9.1 and later supports the ASP.net data store on the Forgot Username page.
Go to the System Info tab and click the edit Web Config file link.
Search for ASPNETMembershipProvider, and add the following line in the ASPNETDB section:
searchFilter="email"
Search for ASPNETProfileProvider, and add the following line in the ASPNETDB section:
searchFilter="email"
Save your changes.
In the ASP.net data store, if the LoweredEmail field is empty, then populate this field.
Forgot Username page configuration
After completing the above configurations applicable to your data store type, do the remaining steps.
Go to the Post Authentication tab.
In the Post Authentication section, set the following.
Authenticated User Redirect
Set to Forgot Username.
Redirect To
This field is autopopulated with the post authentication .aspx page. This is appended to the domain name and realm number in the web address bar. For example, Authorized/ForgotUsername.aspx.
In the Forgot Username section, choose how to deliver the username to the end user (Display on Page or Send in email).
This is the email stored in the data store attribute mapped to the Search Attribute field, or the User ID stored as the UserName in SQL-type data stores.
Save your changes.
Optional configurations for token or cookie settings and SSO
In the Forms Auth/SSO Token section, you can optionally configure the token or cookie settings, and single-sign on (SSO) for this realm.
 |
To configure token or cookie settings, see Configure token or cookie settings.
To configure this realm for SSO, see SecureAuth IdP single sign-on configuration topic.
To configure this realm for Windows Desktop SSO, see Windows desktop SSO configuration topic.
Other form modifications
Client-side form modification
To change the end user login page to show "Email" (or whatever is preferred) instead of "Username".
In the Forgot Username page realm, go to the Overview tab.
In the Advanced Settings section, click the Content and Localization link.
In the Verbiage Editor section, search for the following fields and make these changes.
useridview_userIdLabel
Change Username: to Email:
You can use another term if preferred. This displays on the first login page, prompting the user to give their user ID.
passwordview_userLabel
Change Username: to Email:
You can use another term if preferred. This displays on the next login page, prompting the user to give their password.
Make these changes only if the Forgot Username page login workflow has the username and password on separate pages. The Username / Email field is greyed out and displays the information entered on the previous page.
useridview_usernameplaceholder
Change Username to Email Address.
You can use another term if preferred. This displays as a placeholder on the first login page that goes with the text box for useridview_userIdLabel.
Save your changes.
Forgot username links
Show the Forgot Username page link on another resource page (other Identity Platform realm) so users can retrieve lost credentials.
Go to another Identity Platform realm containing the resource to which you want to include the Forgot Username link.
Go to the Overview tab.
In the Page Content section, set the Forgot Username URL link to the realm number of the Forgot Username page realm.
Use this format: /SecureAuth[ForgotUsernameRealm#]. Replace the entire text within brackets with the Forgot Username page realm number.
Save your changes.