
Forgot Username page configuration

The Identity Management (IdM) tool in the SecureAuth Identity Platform provides a Forgot Username page that end users can use to retrieve a forgotten user ID.

On the Forgot Username page, end users supply information associated with their data store account (for example, an email address), complete the realm's authentication policy, and receive the username they need to log in to a protected resource.

Each protected resource login page can include a Forgot Username link. Clicking the link redirects the end user to the Forgot Username page, where they enter the value the data store is configured to search on, such as an email address or phone number, to confirm the account identity.

Once the account identity is validated, the Identity Platform either displays the username on the page or sends it to the user by email, depending on the Username Delivery Option set in Advanced Settings.

Prerequisites

  • SecureAuth® Identity Platform release 22.02 or later

  • Data store added to the Identity Platform (see Data store integrations)

    You might need to add another data store integration with the Search Filter set to email instead of username. See Data store configuration below.

  • Configured user authentication policy (see Manage policies)

Data store configuration

Most data stores use the username (samAccountName in Active Directory) as the search filter to find the user ID at login. For the Forgot Username use case, you configure a data store search filter that accepts an email address instead of a username.

You'll need to set up and integrate your data stores in the Identity Platform before you can configure the Forgot Username page. Go to the configuration section appropriate for your data store.

The following steps use the Active Directory data store integration as an example. The settings are not universal for other LDAP-type data stores, but can be used as a reference.

  1. In the Identity Platform, go to Data Stores and set the data store Search Filter to:

    (&(mail=%v)(objectclass=*))

    %v is replaced with the value the end user types on the initial login page, so this filter accepts the user's email address (instead of username) when the end user clicks Forgot Username. The mail attribute should be unique across the accounts this filter can reach; if two entries carry the same address, the lookup is ambiguous.

  2. Save your changes
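As an added example (not SecureAuth's code, and not a description of how the Identity Platform substitutes %v internally), the following Python shows what a correct lookup with this search filter looks like: the value typed on the login page is escaped per RFC 4515 before it replaces %v, the filter is evaluated against a small constructed directory, and a username is returned only when exactly one entry matches. A raw-substitution variant is included to show that an unescaped `*` would match every account that has a mail attribute. The directory entries, the helper names and the filter evaluator (which handles the general `(&...)`, `(|...)` and `(attr=value)` forms, not just this one filter) are assumptions for illustration. The same "exactly one match" rule applies to the SQL variant below, where `WHERE Email1 = @UserName` can return several rows if Email1 is not unique.

```python
"""Added example (not SecureAuth's code): building and evaluating the Forgot
Username search filter (&(mail=%v)(objectclass=*)) against a constructed
in-memory directory. It assumes %v is replaced by the value typed on the
login page and shows why that value must be escaped per RFC 4515 before
substitution. How the Identity Platform itself performs the substitution is
not documented on this page."""
import re

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Search filter from the Active Directory data store configuration above.
SEARCH_FILTER = "(&(mail=%v)(objectclass=*))"

def escape_filter_value(value: str) -> str:
    """Escape an end-user-supplied value for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(user_input: str, template: str = SEARCH_FILTER) -> str:
    """Safe substitution: the typed value can only ever be a literal."""
    return template.replace("%v", escape_filter_value(user_input))

def unsafe_filter(user_input: str, template: str = SEARCH_FILTER) -> str:
    """Raw substitution, shown only to contrast with build_filter."""
    return template.replace("%v", user_input)

def _parse(s: str, i: int):
    """Recursive-descent parser for the subset of RFC 4515 used here:
    (&...), (|...) and (attr=value). Returns (node, next_index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, children), i + 1
    j = s.index(")", i)  # an unescaped ')' ends the assertion, as on a real server
    attr, sep, value = s[i:j].partition("=")
    if not sep:
        raise ValueError("only equality assertions are supported")
    return ("eq", attr.lower(), value), j + 1

def parse_filter(s: str):
    try:
        node, end = _parse(s, 0)
    except IndexError:
        raise ValueError("unbalanced filter") from None
    if end != len(s):
        raise ValueError("trailing characters after filter")
    return node

def _unescape(piece: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)

def _matches_value(pattern: str, stored: str) -> bool:
    # An unescaped '*' is a wildcard; '\2a' is a literal asterisk. mail is a
    # case-insensitive attribute, so compare without regard to case.
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, stored, flags=re.IGNORECASE) is not None

def _eval(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(_eval(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_eval(c, entry) for c in node[1])
    _, attr, pattern = node
    return any(_matches_value(pattern, v) for v in entry.get(attr, []))

def search(directory: list, ldap_filter: str) -> list:
    """Return the sAMAccountName of every entry matching the filter."""
    node = parse_filter(ldap_filter)
    return [e["samaccountname"][0] for e in directory if _eval(node, e)]

def lookup_username(directory: list, email: str):
    """Forgot Username lookup: exactly one match, or no username at all.
    Zero matches means an unknown address; two or more means mail is not
    unique and the result would be ambiguous."""
    hits = search(directory, build_filter(email))
    return hits[0] if len(hits) == 1 else None

# Constructed sample directory (hypothetical accounts, not real data).
DIRECTORY = [
    {"samaccountname": ["jdoe"], "mail": ["jane.doe@example.com"], "objectclass": ["user"]},
    {"samaccountname": ["asmith"], "mail": ["alex.smith@example.com"], "objectclass": ["user"]},
    {"samaccountname": ["svc-backup"], "mail": [], "objectclass": ["user"]},
]

if __name__ == "__main__":
    print(build_filter("jane.doe@example.com"), "->", lookup_username(DIRECTORY, "jane.doe@example.com"))
    print(build_filter("*"), "->", lookup_username(DIRECTORY, "*"))
    print(unsafe_filter("*"), "->", search(DIRECTORY, unsafe_filter("*")))
```

Whatever the platform does with %v, the behaviour to verify on a test realm is the one `lookup_username` shows: a typed `*` or `a)(objectclass=*` must come back as "no such account", never as the first user in the directory.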

The following steps use the SQL Server data store integration as an example. The settings are not universal for other SQL-type data stores, but can be used as a reference.

In the SQL Server data store, create new stored procedures specific to the Forgot Username page that use email (or another preferred property) as the user ID. Keeping them separate from the stored procedures that look up by username leaves the standard login realms unaffected.

As a reference, see the document SQL user data store tables and stored procedures configuration.

Update stored procedures
  1. Copy each of the following stored procedures under a new, descriptive name.

    Stored procedure                        Example of stored procedure name change
    Get User: sp_GetUser                    sp_GetUserByEmail
    Get Profile: sp_GetUserProfile          sp_GetUserProfileByEmail
    Update Profile: sp_UpdateUserProfile    sp_UpdateUserProfileByEmail

  2. In each new stored procedure, find the line WHERE UserName = @UserName and change the column UserName to Email1. Keep the parameter name @UserName as in the example; only the column it is compared against changes.

    Check that the parameter's declared length (VARCHAR(60) in the example) is at least the width of the Email1 column. T-SQL silently truncates a longer argument to the parameter length before the comparison, so an address longer than the parameter would never match. Email1 should also be unique across UserTable so that the lookup returns exactly one row.

    For example, this is the original stored procedure script that accepts a user name on the initial login:

    CREATE PROC [dbo].[sp_GetUser] @UserName VARCHAR(60)
    AS
    BEGIN
            SELECT [UserName]
                    ,ISNULL([GroupList], '')
                    ,ISNULL([PwdLastSet],'1/1/1900')
                    ,ISNULL([AccountStatus], '')
            FROM UserTable
            WHERE UserName = @UserName
    END

    And the following is the updated stored procedure that accepts an email on the initial login:

    CREATE PROC [dbo].[sp_GetUserByEmail] @UserName VARCHAR(60)   -- (1)
    AS
    BEGIN
            SELECT [UserName]
                    ,ISNULL([GroupList], '')
                    ,ISNULL([PwdLastSet],'1/1/1900')
                    ,ISNULL([AccountStatus], '')
            FROM UserTable
            WHERE Email1 = @UserName                               -- (2)
    END

    (1) Change sp_GetUser to sp_GetUserByEmail.

    (2) Change UserName to Email1. The parameter @UserName is unchanged.

    As an example, see the updated stored procedure for sp_GetUserProfileByEmail.

Update SQL data store configuration in the Identity Platform

In the Identity Platform data store configuration, use the updated stored procedure names.

  1. In the Identity Platform, go to Data Stores and set the Stored Procedure Configuration fields to the names you gave the updated stored procedures.

    For example, set Get User to sp_GetUserByEmail.

  2. Save your changes.

Step A: Add and configure Forgot Username page

Use the Internal Application Manager to add and configure the Forgot Username page.

  1. On the left side of the Identity Platform, click Internal Application Manager.

  2. Click Add New Internal Application.

    The New Internal Application page displays.

  3. Set the following configurations:

    Internal Application Name

    Set the name of the Forgot Username page.

    This name is shown on the page header and document title of the end user login pages.

    Note

    If you change this name, it will overwrite any value that is set on the Overview tab in Advanced Settings.

    Internal Application Description

    This is an internal description not shown to end users.

    Data Store

    Select the data store that authenticates users for the Forgot Username page. This is the data store integration whose Search Filter (or stored procedures) you changed to look up by email in Data store configuration.

    Groups

    Use one of the following options:

    • Slider in the On position (enabled): Allow users from every group in your selected data stores access to the Forgot Username page.

    • Slider in the Off position (disabled): Enter the specific groups who are allowed access to the Forgot Username page.

    Authentication Policy

    Select the user authentication policy for the Forgot Username page.

    Realm Number

    Select the Realm Number to use for this application.

    Authenticate User Redirect

    Select the Identity Management (IdM) category.

    Identity Management (IdM)

    Select Forgot Username.

    Redirect To

    This field is automatically populated by the selection of Forgot Username as an internal application.

    This is the page the end user lands on after login.

  4. Click Create Connection.

    This creates a new internal application with an attached user authentication policy from the New Experience.

  5. Copy the login URL for your end users to access the Forgot Username page.

    You'll need this information to share with your end users.

    You can find this on the main Internal Application Manager page or when you edit the Forgot Username configuration in the Redirect Information section.


Step B: Finish configuration in Advanced Settings

Continue to Advanced Settings (formerly Classic Experience) to finish the Forgot Username page configurations.

Send username configuration

  1. To complete the Forgot Username page configuration in Advanced Settings, do one of the following:

    • At the top of the page, click the link in the green confirmation message.

    • At the bottom of the page, click Go to Advanced Settings... link.

    The link takes you to the Post Authentication tab in Advanced Settings.

  2. In the Forgot Username section, set how to deliver the username to the end user.

    Username Delivery Option

    Select the username delivery option.

    • Display on page – Show the username on the page.

    • Send in email – Send the username to the end user's email.

    Send in email delivers the username only to the address stored on the account in the data store; Display on page shows it to whoever completes the realm's authentication policy. Choose the option that matches the strength of the authentication policy you attached in Step A.

  3. Save your changes.

Change form label

Change the end user login page to display something like Email instead of Username.

  1. In the Forgot Username page configuration/realm, go to Advanced Settings and select the Overview tab.

  2. In the Advanced Settings section, click the Content and Localization link.

  3. In the Verbiage Editor section, search for the following fields and make changes.

    useridview_userIdLabel

    Set to something like Email:

    This term displays on the initial login page, prompting the user to enter their email address.

    passwordview_userLabel

    Set to something like Email:

    This term displays on the next login page, prompting the user to enter their password.

    Make this change only if the Forgot Username login workflow has the username and password on separate pages. It displays the Username / Email entered on the previous page and is greyed out.

    useridview_usernameplaceholder

    Set to something like Email Address:

    This term displays on the initial login page as a placeholder that goes with the text box for useridview_userIdLabel.

  4. Save your changes.