Skip to main content

Reset password page configuration

The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains the Reset Password page for end users. You can configure the Reset Password page to allow end users to reset known passwords, update forgotten passwords, and unlock their own accounts. You can also unlock other user accounts with the Account Management (Help Desk) page.

There are three password reset mode methods: .

  • Enforce mode – Useful for most Active Directory and LDAP use cases. This mode enforces password history requirements like not using a previous password or does not allow frequent password updates.

  • Administrative mode – Useful for SQL-type data stores, in a Help Center environment, and if your data store supports password history checks.

  • Administrative mode with history check – Useful for SQL-type data stores, in a Help Center environment, and if your data store does not support password history checks.

With the above password reset modes, this guide provides information to set up pages for Reset Password and Reset Password + Unlock Account.


  • Data store with service account set with write privileges to modify (needed to change user passwords)

  • If using Active Directory, open the following Outbound Ports for password modification:

    • 139 – DFSN, NetBIOS Session Service, NetLogon

    • 445 – SMB / CIFS, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc

    • 464 – Kerberos Change / Set Password

  • A realm for the Password Reset or Password Reset + Account Unlock page with the following tabs configured before setting up the Post Authentication tab:

    • Overview

    • Data

    • Workflow

    • Multi-Factor Methods

  • (Optional) To use the Password Reset Mode: Administrative Reset with History Check, open this port for password modification: 636 - SSL Outbound Port

  • (Optional) Configure Google G Suite to synchronize directory passwords

Identity Platform configuration

You can set up pages to allow users to reset only their password, or reset their password and unlock their account.