Skip to main content

Unlock Account page configuration - Help desk

The Identity Management (IdM) tool contains an account unlock feature with the Password Reset page. This topic covers the configuration settings for an Unlock Account page for help desk administrators.


This configuration option can unlock a user account, but it does not display the account's current status on the Unlock Account page. Instead, it shows that the user account is "normal".

To view the account's current status (like normal, locked, and so on) before and after unlocking the account on the Unlock Account page, see Unlock Account (show status) page configuration.  .

There are three password reset mode methods: 

  • Enforce mode – Useful for most Active Directory and LDAP use cases. This mode enforces password history requirements like not using a previous password or does not allow frequent password updates.

  • Administrative mode – Useful for SQL-type data stores, in a Help Center environment, and if your data store supports password history checks.

  • Administrative mode with history check – Useful for SQL-type data stores, in a Help Center environment, and if your data store does not support password history checks.


  • SecureAuth® Identity Platform release 21.04

  • Data store added to the Identity Platform

    Data store must have a service account set with write privileges to modify. This is needed to change user account status.

  • Configured user authentication policy

Step A: Configure data store setting in the New Experience

  1. For the data store you plan to associate with the Password Reset page, move the slider for Allow Advanced User Checks to the off position.

  2. Save your changes.

Step B: Add and configure Password Reset page

Use the Internal Application Manager to add and configure the Password Reset page.

  1. On the left side of the Identity Platform, click Internal Application Manager.

    Screenshot of Internal Application Manager page.
  2. Click Add New Internal Application.

    The New Internal Application page displays.

    Screenshot of adding a new internal application.
  3. Set the following configurations:

    Internal Application Name

    Set the name of the Password Reset page.

    This name is shown on the page header and document title of the end user login pages.


    If you change this name, it will overwrite any value that is set on the Overview tab in Advanced Settings.

    Internal Application Description

    This is an internal description not shown to end users.

    Data Store

    Enter the data store to authenticate and allow user access to the Password Reset page.


    Use one of the following options:

    • Slider in the On position (enabled): Allow users from every group in your selected data stores access to the Password Reset page.

    • Slider in the Off position (disabled): Enter the specific groups who are allowed access to the Password Reset page.

    Authentication Policy

    Select the user authentication policy for the Password Reset page.

    Authenticate User Redirect

    Select the Identity Management (IdM) category.

    Identity Management (IdM)

    Select Password Reset.

    Redirect To

    This field is automatically populated by the selection of Password Reset as an internal application.

    This is the page the end user lands on after login.

  4. Click Create Connection.

    This creates a new internal application with an attached user authentication policy from the New Experience.

  5. Copy the login URL for your end users to access the Password Reset page.

    You'll need this information to share with your end users.

    You can find this on the main Internal Application Manager page or when you edit the Password Reset configuration in the Redirect Information section.

    Screenshot of the Internal Application Manager page highlighting the login URLs.
    Screenshot of internal application in edit mode, highlighting the login URL.

Step C: Finish configuration in Advanced Settings

Continue to Advanced Settings (formerly Classic Experience) to finish the Password Reset page configurations. Use the configuration option that best fits the needs of your organization.

  1. To complete the Password Reset page configuration in Advanced Settings, do the following:

    • In the Internal Application Manager, with the Password Reset page open in edit mode, go to the bottom of the page and click Go to Advanced Settings... link.

    The link takes you to the Post Authentication tab in Advanced Settings.

  2. In the Password Reset section, click the Configure password reset page link.

  3. In the Password Reset Functions section, set the Password Reset Mode to one of the following options:

    • Enforce Password Change Requirements (Enforce mode) – To enforce password history rules, it must use the current password. If the current password is not given, a random password is set, then used to change the current password.

      Note: Use this option for Active Directory and LDAP directory types and must have password history checks.

    • Administrative Password Reset (Admin mode) – This does not enforce password history rules. The current password is not required for this rule.

      Note: Use this option for SQL directory types and do not need or support password history checks.

    • Administrative Reset with History Check (Admin mode with history check) – Enforces password history rules and does not require current password. This mode is not guaranteed to work with non-AD LDAP data stores. For Active Directory, you need to open SSL outbound port 636.

      Note: This is not supported for eDirectory.

  4. Continue with the rest of the configuration settings.

  5. Save your changes.