The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains the Forgot Username page for end users to retrieve forgotten user IDs.

The Forgot Username page allows end users to give information associated with their data store account to get their username to log in to a protected resource.

Each protected resource page can include a Forgot Username URL link that appears on the login page for the resource. Clicking the link redirects the end user to the Forgot Username page. They enter their information in a defined field, like email address or phone number, to confirm the account identity.

Upon validation of the account identity, the Identity Platform sends an email containing the username to the user.

Prerequisite


Data store configuration

To configure the Forgot Username page, go to the configuration section appropriate for your data store.

LDAP data store (like Active Directory)

The configuration uses Active Directory integration and its common data fields as an example. The settings are not universal for other LDAP-type data stores, but can be used as a reference.

  1. Go to the Data tab. 
  2. In the Membership Connection Settings section, set the following: 

    Search Attribute

    Set to the data store attribute used to retrieve the user ID.

    This is the forgotten username provided to the user when they authenticate the forgotten username request.

    searchFilter

    Change the search filter to accept the user's email address on the initial login page (instead of the username).

    This corresponds to the data store field containing the email address. For example, (&(mail=%v)(objectclass=*))

  3. Save your changes.

SQL data store (like Oracle)

Change SQL stored procedures

The configuration uses a SQL data store integration and its common properties as an example. The settings are not universal for other SQL-type data stores (like Oracle, ASP.net, ODBC and others), but can be used as a reference.

To configure a Forgot Username page with an ASP.net data store, see the ASP.net configuration section at the end. 

In the SQL data store, you need to create new SQL stored procedures specific to the Forgot Username page. Using the SQL tables and stored procedures provided by SecureAuth, we're going to use email (or another preferred property) as the user ID.

This helps differentiate the stored procedure from the others that employ the username as the user ID.

  1. Replace the stored procedure name sp_GetUser with a friendly name like sp_GetUserByEmail.
  2. In the stored procedure line WHERE UserName = @UserName, replace UserName with Email1.

    For example, WHERE Email1 = @UserName.

    See the following code as an example.

    CREATE PROC [dbo].[sp_GetUserByEmail] @UserName VARCHAR(60)
    AS
    BEGIN
        SELECT [UserName]
            ,ISNULL([GroupList], '')
            ,ISNULL([PwdLastSet],'1/1/1900')
            ,ISNULL([AccountStatus], '')
        FROM UserTable
        WHERE Email1 = @UserName
    END
  3. Repeat this for the following stored procedures, with unique, friendly names:
    • Get User (new name: GetUserByEmail)
    • Get Profile (new name: GetProfileByEmail)
    • Update Profile (new name: UpdateProfileByEmail)
    • Validate or Get Password: Change only if the user must give a password in the workflow to retrieve a forgotten username. (new name: ValidatePasswordByEmail or GetPasswordByEmail)
      The following 

    See the updated Get User stored procedure shown next as an example.

    CREATE PROC [dbo].[sp_GetProfileByEmail] @UserName VARCHAR(60)
    AS
    BEGIN
        SELECT UserName
            ,IsNull(FirstName, '') FirstName
            ,IsNull(LastName, '') LastName
            ,IsNull(Phone1, '') Phone1
            ,IsNull(Phone2, '') Phone2
            ,IsNull(Phone3, '') Phone3
            ,IsNull(Phone4, '') Phone4
            ,IsNull(Email1, '') Email1
            ,IsNull(Email2, '') Email2
            ,IsNull(Email3, '') Email3
            ,IsNull(Email4, '') Email4
            ,IsNull(AuxID1, '') AuxID1
            ,IsNull(AuxID2, '') AuxID2
            ,IsNull(AuxID3, '') AuxID3
            ,IsNull(AuxID4, '') AuxID4
            ,IsNull(AuxID5, '') AuxID5
            ,IsNull(AuxID6, '') AuxID6
            ,IsNull(AuxID7, '') AuxID7
            ,IsNull(AuxID8, '') AuxID8
            ,IsNull(AuxID9, '') AuxID9
            ,IsNull(AuxID10, '') AuxID10
            ,IsNull(pinHash, '') pinHash
            ,IsNull(Questions, '') Questions
            ,IsNull(Answers, '') Answers
            ,IsNull(ChallengeQuestion, '') ChallengeQuestion
            ,IsNull(ChallengeAnswer, '') ChallengeAnswer
            ,IsNull(CertResetDate, '1/1/1900') CertResetDate
            ,IsNull(CertCount, 0) CertCount
            ,IsNull(CertSerialNumber, '') CertSerialNumber
            ,IsNull(MobileResetDate, '1/1/1900') MobileResetDate
            ,IsNull(MobileCount, 0) MobileCount
            ,IsNull(ExtSyncPwdDate, '1/1/1900') ExtSyncPwdDate
            ,IsNull(HardwareToken, '') HardwareToken
            ,IsNull(iOSDevices, '') iOSDevices
            ,IsNull(OATHSeed, '') OATHSeed
            ,IsNull(OneTimeOATHList, '') OneTimeOATHList
            ,IsNull(GroupList, '') GroupList
        FROM UserTable
        WHERE Email1 = @UserName
     
     
        SELECT DigitalFP
        FROM UserFP
        WHERE Email1 = @UserName
     
     
        SELECT PNToken
        FROM UserPN
        WHERE Email1 = @UserName
     
     
        SELECT AccessHistory
        FROM UserAccessHistory
        WHERE Email1 = @UserName
     
     
        SELECT OATHToken
        FROM UserOT
        WHERE Email1 = @UserName
    END
    GO
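
The email-keyed procedures above return a single account only when each Email1 value belongs to one account. The following T-SQL is an added example, not SecureAuth code: it assumes SQL Server, the dbo.UserTable columns shown above, and an indexable Email1 column type; UX_UserTable_Email1 is a hypothetical index name.

```sql
-- Added example (not SecureAuth code). Assumes the UserTable schema shown
-- above (UserName, Email1) in the dbo schema on SQL Server.

-- 1. Email1 values shared by more than one account. For these addresses a
--    lookup such as sp_GetUserByEmail returns more than one row.
SELECT LOWER(LTRIM(RTRIM(Email1))) AS NormalizedEmail,
       COUNT(*)                    AS AccountCount
FROM dbo.UserTable
WHERE Email1 IS NOT NULL
  AND LTRIM(RTRIM(Email1)) <> ''
GROUP BY LOWER(LTRIM(RTRIM(Email1)))
HAVING COUNT(*) > 1
ORDER BY AccountCount DESC;

-- 2. Accounts with no usable Email1. The email-keyed procedures cannot
--    find these users.
SELECT UserName
FROM dbo.UserTable
WHERE Email1 IS NULL
   OR LTRIM(RTRIM(Email1)) = '';

-- 3. Once query 1 returns no rows, keep it that way. The filtered unique
--    index ignores NULL and empty values, so accounts without an email can
--    still exist. Whether 'A@x.com' and 'a@x.com' collide depends on the
--    column collation (case-insensitive by default on SQL Server).
--    UX_UserTable_Email1 is a hypothetical name.
CREATE UNIQUE NONCLUSTERED INDEX UX_UserTable_Email1
    ON dbo.UserTable (Email1)
    WHERE Email1 IS NOT NULL AND Email1 <> '';
GO
```

Run queries 1 and 2 before pointing the realm at the new procedures, and resolve any rows they return first; the index creation fails while duplicates remain.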


Identity Platform configuration for SQL data store

  1. Go to the Data tab. 
  2. In the Membership Connection Settings section, set the two fields to the friendly names used in the updated SQL stored procedures. This is specific to the changed Get User stored procedure.
    • For example, set Get User SP to GetUserByEmail
    • For example, set Validate/Get Password SP to GetPasswordByEmail

  3. Complete this step only if the user must provide a password in the login workflow on the Forgot Username page. In the Profile Connection Settings section, set the two fields to the friendly names used in the updated SQL stored procedures. This is specific to the changed Get User Profile and Update User Profile stored procedures.
    • For example, set Get Profile SP to GetProfileByEmail
    • For example, set Update Profile SP to UpdateProfileByEmail


ASP.net configuration

Complete the following steps for using an ASP.net data store with the Forgot Username page. 

Identity Platform versions 9.1 and later support the ASP.net data store on the Forgot Username page.

  1. Go to the System Info tab and click the edit Web Config file link. 
  2. Search for ASPNETMembershipProvider, and add the following line in the ASPNETDB section:
    searchFilter="email" 
  3. Search for ASPNETProfileProvider, and add the following line in the ASPNETDB section: 
    searchFilter="email"
  4. Save your changes. 
  5. In the ASP.net data store, if the LoweredEmail field is empty, then populate this field. 


Forgot Username page configuration

After completing the above configurations applicable to your data store type, do the remaining steps.  

  1. Go to the Post Authentication tab. 
  2. In the Post Authentication section, set the following.  

    Authenticated User Redirect

    Set to Forgot Username.

    Redirect To

    This field is autopopulated with the post authentication .aspx page. This is appended to the domain name and realm number in the web address bar. For example, Authorized/ForgotUsername.aspx.

  3. In the Forgot Username section, choose how to deliver the username to the end user (Display on Page or Send in email). 
    This is the email stored in the data store attribute mapped to the Search Attribute field, or the User ID stored as the UserName in SQL-type data stores.  

  4. Save your changes. 


Optional configurations for token or cookie settings and SSO

In the Forms Auth/SSO Token section, you can optionally configure the token or cookie settings, and single sign-on (SSO) for this realm.

To configure token or cookie settings, see Configure token or cookie settings.

To configure this realm for SSO, see SecureAuth IdP single sign-on configuration.

To configure this realm for Windows Desktop SSO, see Windows desktop SSO configuration.


Other form modifications

Client-side form modification

To change the end user login page to show "Email" (or whatever is preferred) instead of "Username", do the following.

  1. In the Forgot Username page realm, go to the Overview tab. 
  2. In the Advanced Settings section, click the Content and Localization link. 
  3. In the Verbiage Editor section, search for the following fields and make these changes.  

    useridview_userIdLabel

    Change Username: to Email:

    You can use another term if preferred. This displays on the first login page, prompting the user to give their user ID. 

    passwordview_userLabel

    Change Username: to Email:

    You can use another term if preferred. This displays on the next login page, prompting the user to give their password. 

    Make these changes only if the Forgot Username page login workflow has the username and password on separate pages. The Username / Email field is greyed out and displays the information entered on the previous page. 

    useridview_usernameplaceholder

    Change Username to Email Address.

    You can use another term if preferred. This displays as a placeholder on the first login page that goes with the text box for useridview_userIdLabel. 

  4. Save your changes. 


Show the Forgot Username page link on another resource page (other Identity Platform realm) so users can retrieve lost credentials.

  1. Go to another Identity Platform realm containing the resource to which you want to add the Forgot Username link.
  2. Go to the Overview tab. 
  3. In the Page Content section, set the Forgot Username URL link to the realm number of the Forgot Username page realm. 
    Use this format: /SecureAuth[ForgotUsernameRealm#]. Replace the entire text within brackets with the Forgot Username page realm number. 
  4. Save your changes. 