Introduction

Use this guide to configure the Forgot Username page, where end-users can retrieve forgotten user IDs.

The Forgot Username tool enables an end-user to provide information associated with their directory account in order to reacquire their username to log into SecureAuth IdP realms.

Each SecureAuth IdP realm can include a Forgot Username URL Link (Overview tab) that displays on the initial login page. Clicking the link redirects end-users to the Forgot Username realm, at which the end-user enters information from a defined field (e.g. email address, phone number, etc.) to confirm the account identity.

Upon successful identity validation, the username is displayed on the page itself or sent to the user via email, as configured by the administrator.

Prerequisites

1. Create a New Realm for the Forgot Username function

2. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:

  • Overview – the description of the realm and SMTP connections must be defined
  • Data – an enterprise directory must be integrated with SecureAuth IdP
  • Workflow – the way in which users will access this application must be defined
  • Registration Methods – the 2-Factor Authentication methods that will be used to access this page (if any) must be defined

Configuration Steps

Note

Select the type of directory integration used for the Forgot Username realm and follow the appropriate steps

LDAP Directories (AD and others)

Info

This is a configuration example using an Active Directory integration and common data fields, so it is not universal for every enterprise data store, but may be used as a reference to other LDAP directory types

Data

Info

This is a configuration example using an Active Directory integration and common data fields, so it is not universal for every enterprise data store

1. In the Membership Connection Settings section, change the searchFilter to accept the user's email address on the initial login page (instead of the username)

This would correspond to the field in the enterprise directory that contains the email address, e.g. (&(mail=%v)(objectclass=*))

2. The value in the Search Attribute must be sent in a token, so assign the data store field to a SecureAuth IdP Profile Field

For example: The Search Attribute sAMAccountName is now assigned to Aux ID 1 in the Profile Fields section

(Move on to step 5)

SQL-type Data Stores

Info

This is a configuration example using a SQL Data Store integration and common properties, so it is not universal for every enterprise data store, but may be used as a reference to other SQL-type data stores (Oracle, ODBC, others)

SQL Data Store Configuration Steps

1. In the SQL data store, create new Stored Procedures that are specific for the Forgot Username realm, using email (or another preferred property) as the user ID

Using SecureAuth's provided Stored Procedures and Tables, replace the Stored Procedure name with a friendly name, e.g. replace GetUser with GetUserByEmail in sp_GetUser: sp_GetUserByEmail

This differentiates the Stored Procedure from the others that employ the username as the User ID

Replace UserName with Email1 in WHERE UserName = @UserName: WHERE Email1 = @UserName

This tells SecureAuth IdP to employ the user's email address stored in Email 1 as the user ID

```sql
CREATE PROC [dbo].[sp_GetUserByEmail] @UserName VARCHAR(60)
AS
BEGIN
    SELECT UserName
        ,ISNULL([GroupList], '')
        ,ISNULL([PwdLastSet],'1/1/1900')
    FROM UserTable
    -- Look the user up by email address (Email1) instead of by username
    WHERE Email1 = @UserName
END
GO
```

Info

Shown as an example is the Get User Stored Procedure, which must be updated for this realm

The following Stored Procedures must be updated in the same manner, but with unique, friendly names:

  • Get User (new name: GetUserByEmail)
  • Get Profile (new name: GetProfileByEmail)
  • Update Profile (new name: UpdateProfileByEmail)

2. In the Forgot Username-specific Get User Profile Stored Procedure (e.g. GetProfileByEmail), replace AuxID1 with UserName in ,IsNull(AuxID1, '') AuxID1: ,IsNull(UserName, '') AuxID1

This maps the forgotten username in the Aux ID 1 Property

```sql
CREATE PROC [dbo].[sp_GetProfileByEmail] @UserName VARCHAR(60)
AS
BEGIN
    SELECT UserName
        ,IsNull(FirstName, '') FirstName
        ,IsNull(LastName, '') LastName
        ,IsNull(Phone1, '') Phone1
        ,IsNull(Phone2, '') Phone2
        ,IsNull(Phone3, '') Phone3
        ,IsNull(Phone4, '') Phone4
        ,IsNull(Email1, '') Email1
        ,IsNull(Email2, '') Email2
        ,IsNull(Email3, '') Email3
        ,IsNull(Email4, '') Email4
        -- The forgotten username is returned in the Aux ID 1 property
        ,IsNull(UserName, '') AuxID1
        ,IsNull(AuxID2, '') AuxID2
        ,IsNull(AuxID3, '') AuxID3
        ,IsNull(AuxID4, '') AuxID4
        ,IsNull(AuxID5, '') AuxID5
        ,IsNull(AuxID6, '') AuxID6
        ,IsNull(AuxID7, '') AuxID7
        ,IsNull(AuxID8, '') AuxID8
        ,IsNull(AuxID9, '') AuxID9
        ,IsNull(AuxID10, '') AuxID10
        ,IsNull(pinHash, '') pinHash
        ,IsNull(Questions, '') Questions
        ,IsNull(Answers, '') Answers
        ,IsNull(ChallengeQuestion, '') ChallengeQuestion
        ,IsNull(ChallengeAnswer, '') ChallengeAnswer
        ,IsNull(CertResetDate, '1/1/1900') CertResetDate
        ,IsNull(CertCount, 0) CertCount
        ,IsNull(CertSerialNumber, '') CertSerialNumber
        ,IsNull(MobileResetDate, '1/1/1900') MobileResetDate
        ,IsNull(MobileCount, 0) MobileCount
        ,IsNull(ExtSyncPwdDate, '1/1/1900') ExtSyncPwdDate
        ,IsNull(HardwareToken, '') HardwareToken
        ,IsNull(iOSDevices, '') iOSDevices
        ,IsNull(OATHSeed, '') OATHSeed
        ,IsNull(OneTimeOATHList, '') OneTimeOATHList
        ,IsNull(GroupList, '') GroupList
    FROM UserTable
    -- Same email-based lookup as in step 1
    WHERE Email1 = @UserName
    SELECT DigitalFP
    FROM UserFP
    WHERE Email1 = @UserName
    SELECT PNToken
    FROM UserPN
    WHERE Email1 = @UserName
    SELECT AccessHistory
    FROM UserAccessHistory
    WHERE Email1 = @UserName
END
GO
```

Tip

Note the updates applied to this Stored Procedure from step 1
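
A pre-deployment check for the email-based lookup used in the stored procedures above, as an added example that is not SecureAuth's own code: it lists accounts that `WHERE Email1 = @UserName` cannot resolve to exactly one username. The table variable, its column widths and its rows are constructed stand-ins for UserTable; only the UserName and Email1 column names and the VARCHAR(60) parameter come from the procedures shown.

```sql
-- Added example (not SecureAuth-provided code).
-- @UserTableSample is a constructed stand-in for UserTable; the column widths
-- are assumptions. Point the three queries at UserTable to check real data.
DECLARE @UserTableSample TABLE (UserName VARCHAR(60), Email1 VARCHAR(255));

INSERT INTO @UserTableSample (UserName, Email1) VALUES
    ('jsmith',  'j.smith@example.com'),
    ('jsmith2', 'J.Smith@example.com'),   -- same mailbox, different case
    ('adoe',    'a.doe@example.com'),
    ('svc01',   ''),                      -- no email on file
    ('bwong',   NULL),
    ('clong',   REPLICATE('x', 55) + '@example.com');  -- 67 characters

-- 1. Email1 values shared by more than one account. Compared after trimming
--    and lower-casing, which mirrors a case-insensitive collation. For these
--    addresses the lookup returns several rows, so the username is ambiguous.
SELECT LOWER(LTRIM(RTRIM(Email1))) AS NormalizedEmail,
       COUNT(*)                    AS Accounts
FROM @UserTableSample
WHERE Email1 IS NOT NULL
  AND LTRIM(RTRIM(Email1)) <> ''
GROUP BY LOWER(LTRIM(RTRIM(Email1)))
HAVING COUNT(*) > 1;

-- 2. Accounts with no usable Email1: the lookup returns no row for them,
--    so these users cannot retrieve a username through this realm.
SELECT UserName
FROM @UserTableSample
WHERE Email1 IS NULL
   OR LTRIM(RTRIM(Email1)) = '';

-- 3. Addresses longer than the procedures' VARCHAR(60) parameter: the full
--    address does not fit in @UserName, so it cannot be matched as entered.
SELECT UserName,
       LEN(Email1) AS EmailLength
FROM @UserTableSample
WHERE LEN(Email1) > 60;
```

With the constructed rows, query 1 reports `j.smith@example.com` with two accounts, query 2 returns `svc01` and `bwong`, and query 3 returns `clong`.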

Info

The following steps are completed in the SecureAuth IdP Web Admin

Data

3. In the Membership Connection Settings section, set the Get User SP to the friendly name of the Forgot Username-specific Get User Stored Procedure (configured in step 1), e.g. GetUserByEmail

Profile Connection Settings

4. Set the Get Profile SP and the Update Profile SP to the friendly names of the Forgot Username-specific Get User Profile and Update User Profile Stored Procedures, e.g. GetProfileByEmail and UpdateProfileByEmail

Warning

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

Workflow

5. In the Custom Front End section, select the appropriate Profile Field from the Token Data Type (Send) dropdown

Using the same example, select Aux ID 1

Warning

Click Save once the configurations have been completed and before leaving the Workflow page to avoid losing changes

 

7. Select the type of User ID that will be asserted to the page from the User ID Mapping dropdown

This is typically the Authenticated User ID

Post Authentication

6. Select Forgot Username from the Authenticated User Redirect dropdown in the Post Authentication tab in the Web Admin

7. An unalterable URL auto-populates in the Redirect To field, which appends to the domain name and realm number in the address bar (Authorized/ForgotUsername.aspx)

6. A customized post authentication page can be uploaded, but it is not required

User ID Mapping

Forgot Username

8. Choose the Username Delivery Option, which is either to Display on page or to Send in email to the field designated in the searchFilter / Stored Procedures (Email 1)

Warning

Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes

Forms Auth / SSO Token

9. Click View and Configure FormsAuth keys / SSO token to configure the token/cookie settings and to configure this realm for Single Sign-on (SSO)

Info

These are optional configurations

Excerpt included from: Account Management (Help Desk) Page Configuration Guide

Best Practices

Client-side Form Modification

Follow these steps to alter the end-user login pages to read, "Email" (or whatever is preferred) instead of "Username" in the Forgot Username realm

These optional steps are completed in the Forgot Username realm (configured above)

Overview

1. In the Advanced Settings section, select Content and Localization

Verbiage Editor

2. Search for useridview_userIdLabel and change Username: to Email: (or the preferred verbiage), which displays on the initial login page, prompting the user for the User ID

3. Change the passwordview_userLabel from Username: to Email: (or the preferred verbiage), which displays on the subsequent login page, prompting the user for the password

This is only necessary if the realm's workflow has username and password on separate pages

The Username / Email field is greyed out and displays the information entered on the previous page

4. Search for useridview_usernameplaceholder and change Username to Email Address (or the preferred verbiage), which displays as a placeholder on the initial login page (with step 2) in the text box

Warning

Click Save once the configuration is complete and before leaving the Content and Localization page to avoid losing changes

Forgot Username Links

Follow this step to add the Forgot Username realm link to other SecureAuth IdP realms; the link displays on login pages so that end-users can quickly retrieve lost credentials

This optional step is NOT completed in the Forgot Username realm, but rather in other SecureAuth IdP realms

Overview

1. In the Page Content section, update the Forgot Username URL field and its Location on the login page within the other SecureAuth IdP realms in which the function is available

The URL would be: /SecureAuth[ForgotUsernameRealm#]

Warning

Click Save once the configurations have been completed and before leaving the Overview page to avoid losing changes