Forgot Username page configuration
The Identity Management (IdM) tool contains the Forgot Username page function for end users to retrieve forgotten user IDs.
The Forgot Username page allows end users to give information associated with their data store account to get their username to log in to a protected resource.
Each protected resource page can include a Forgot Username URL link that appears on the login page for the resource. Clicking the link redirects the end user to the Forgot Username page. The end user enters information in a defined field, such as email address or phone number, to confirm the account identity.
Upon validation of the account identity, the Forgot Username page sends an email containing the username to the user.
Prerequisites
SecureAuth® Identity Platform release 22.02 or later
Data store added to the Identity Platform
You might need to add another data store integration with the Search Filter set to email instead of username. See Data store configuration below.
Configured user authentication policy
Data store configuration
Most data stores are set to use the username (samAccountName) as a search filter to find the user ID at login. As a use case for the Forgot Username page, you could set the data store search filter to accept an email instead of username.
You'll need to set up and integrate your data stores in the Identity Platform before you can configure the Forgot Username page. Go to the configuration section appropriate for your data store.
The following steps use the Active Directory data store integration as an example. The settings are not universal for other LDAP-type data stores, but can be used as a reference.
In the Identity Platform, go to Data Stores and configure the data store Search Filter to:
(&(mail=%v)(objectclass=*))
This accepts the user's email address on the initial login page (instead of username) when the end user clicks "Forgot Username".
Save your changes.
The following steps use the SQL Server data store integration as an example. The settings are not universal for other SQL-type data stores, but can be used as a reference.
In the SQL Server data store, create new SQL stored procedures specific to the Forgot Username page to use email (or another preferred property) as the user ID. This separates the stored procedures from the others that use the username as the user ID.
As a reference, see the document SQL user data store tables and stored procedures configuration.
Update stored procedures
In the following stored procedures, change the stored procedure name to a user-friendly name.
Stored procedure | Example of stored procedure name change
Get User: sp_GetUser | sp_GetUserByEmail
Get Profile: sp_GetUserProfile | sp_GetUserProfileByEmail
Update Profile: sp_UpdateUserProfile | sp_UpdateUserProfileByEmail
For each stored procedure as described in the previous step, find the line:
WHERE UserName = @UserName
and change UserName to Email1.
For example, this is the original stored procedure script to accept a user name on the initial login:
CREATE PROC [dbo].[sp_GetUser]
    @UserName VARCHAR(60)
AS
BEGIN
    SELECT [UserName]
        ,ISNULL([GroupList], '')
        ,ISNULL([PwdLastSet],'1/1/1900')
        ,ISNULL([AccountStatus], '')
    FROM UserTable
    WHERE UserName = @UserName
END
And the following is the updated stored procedure to accept an email on the initial login:
CREATE PROC [dbo].[sp_GetUserByEmail]
    @UserName VARCHAR(60)   -- parameter name is unchanged; it now carries the email address
AS
BEGIN
    SELECT [UserName]
        ,ISNULL([GroupList], '')
        ,ISNULL([PwdLastSet],'1/1/1900')
        ,ISNULL([AccountStatus], '')
    FROM UserTable
    WHERE Email1 = @UserName   -- match on the Email1 column instead of UserName
END
As an example, see the updated stored procedure for sp_GetUserProfileByEmail.
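The renamed procedures match on Email1 rather than UserName, so the lookup is unambiguous only when each account has its own, non-empty Email1 value. The following read-only checks are an added example, not part of the SecureAuth documentation; they assume the UserTable, UserName and Email1 names from the script above, and the address in the last statement is a constructed sample value.

```sql
-- Added example: checks to run against the SQL Server data store before
-- pointing Get User at sp_GetUserByEmail. Table and column names are the
-- ones used in the stored procedure script above.

-- 1. Email values shared by more than one account. For these values,
--    WHERE Email1 = @UserName returns more than one row.
SELECT Email1, COUNT(*) AS AccountCount
FROM UserTable
WHERE Email1 IS NOT NULL
  AND LTRIM(RTRIM(Email1)) <> ''
GROUP BY Email1
HAVING COUNT(*) > 1
ORDER BY AccountCount DESC;

-- 2. Accounts with no email on file. These accounts cannot be found
--    by the email-based procedures at all.
SELECT UserName
FROM UserTable
WHERE Email1 IS NULL
   OR LTRIM(RTRIM(Email1)) = '';

-- 3. Call the new procedure the way the data store will: the email
--    address is passed in the parameter that is still named @UserName.
--    'user@example.com' is a constructed sample value.
EXEC [dbo].[sp_GetUserByEmail] @UserName = 'user@example.com';
```

An empty result from the first two queries means every account can be found by exactly one email address.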
Update SQL data store configuration in the Identity Platform
In the Identity Platform data store configuration, use the updated stored procedure names.
In the Identity Platform, go to Data Stores and configure the Stored Procedure Configuration fields with the names you just updated in the stored procedures.
For example, set Get User to sp_GetUserByEmail.
Save your changes.
Step A: Add and configure Forgot Username page
Use the Internal Application Manager to add and configure the Forgot Username page.
On the left side of the Identity Platform, click Internal Application Manager.
Click Add New Internal Application.
The New Internal Application page displays.
Set the following configurations:
Internal Application Name
Set the name of the Forgot Username page.
This name is shown on the page header and document title of the end user login pages.
Note
If you change this name, it will overwrite any value that is set on the Overview tab in Advanced Settings.
Internal Application Description
This is an internal description not shown to end users.
Data Store
Enter the data store to authenticate and allow user access to the Forgot Username page.
Groups
Use one of the following options:
Slider in the On position (enabled): Allow users from every group in your selected data stores access to the Forgot Username page.
Slider in the Off position (disabled): Enter the specific groups who are allowed access to the Forgot Username page.
Authentication Policy
Select the user authentication policy for the Forgot Username page.
Realm Number
Select the Realm Number to use for this application.
Authenticate User Redirect
Select the Identity Management (IdM) category.
Identity Management (IdM)
Select Forgot Username.
Redirect To
This field is automatically populated by the selection of Forgot Username as an internal application.
This is the page the end user lands on after login.
Click Create Connection.
This creates a new internal application with an attached user authentication policy from the New Experience.
Copy the login URL for your end users to access the Forgot Username page.
You'll need this information to share with your end users.
You can find this on the main Internal Application Manager page or when you edit the Forgot Username configuration in the Redirect Information section.
Step B: Finish configuration in Advanced Settings
Continue to Advanced Settings (formerly Classic Experience) to finish the Forgot Username page configurations.
Send username configuration
To complete the Forgot Username page configuration in Advanced Settings, do one of the following:
At the top of the page, click the link in the green confirmation message.
At the bottom of the page, click the Go to Advanced Settings... link.
The link takes you to the Post Authentication tab in Advanced Settings.
In the Forgot Username section, set how to deliver the username to the end user.
Username Delivery Option
Select the username delivery option.
Display on page – Show the username on the page.
Send in email – Send the username to the end user's email.
Save your changes.
Change form label
Change the end user login page to display something like Email instead of Username.
In the Forgot Username page configuration/realm, go to Advanced Settings and select the Overview tab.
In the Advanced Settings section, click the Content and Localization link.
In the Verbiage Editor section, search for the following fields and make changes.
useridview_userIdLabel
Set to something like Email:
This term displays on the initial login page, prompting the user to enter their email address.
passwordview_userLabel
Set to something like Email:
This term displays on the next login page, prompting the user to enter their password.
Make this change only if the Forgot Username login workflow has the username and password on separate pages. The field displays the Username / Email entered on the previous page and is greyed out.
useridview_usernameplaceholder
Set to something like Email Address:
This term displays on the initial login page as a placeholder that goes with the text box for useridview_userIdLabel.
Save your changes.
Set Forgot Username link on login pages
Set the Forgot Username link on other resource login pages. For example, on the Salesforce login page, you can display the Forgot Username link.
In the Identity Platform, go to Advanced Settings.
Find the resource realm (for example, Salesforce) where you want to include the Forgot Username link.
Select the Overview tab.
In the Page Content section, set the Forgot Username URL to the realm number of the Forgot Username page.
The format is /SecureAuth<ForgotUserNameRealm#>. For example, if the realm number for the Forgot Username page is 314, then enter /SecureAuth314.
Save your changes.