Use this guide to configure the Forgot Username page, where end-users can retrieve forgotten user IDs.

The Forgot Username tool enables an end-user to provide information associated with their directory account in order to reacquire their username to log into SecureAuth IdP realms.

Each SecureAuth IdP realm can include a Forgot Username URL Link (Overview tab) that displays on the initial login page. Clicking the link redirects end-users to the Forgot Username realm, at which the end-user enters information from a defined field (e.g. email address, phone number, etc.) to confirm the account identity.

Upon successful identity validation, the username is displayed on the page itself or sent to the user via email, as configured by the administrator.

1. Create a New Realm for the Forgot Username function

2. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:

  • Overview – the description of the realm and SMTP connections must be defined
  • Data – an enterprise directory must be integrated with SecureAuth IdP
  • Workflow – the way in which users will access this application must be defined
  • Registration Methods – the 2-Factor Authentication methods that will be used to access this page (if any) must be defined

Select the type of directory integration used for the Forgot Username realm and follow the appropriate steps

This is a configuration example using an Active Directory integration and common data fields, so it is not universal for every enterprise data store, but may be used as a reference to other LDAP directory types

This is a configuration example using an Active Directory integration and common data fields, so it is not universal for every enterprise data store

1. In the Membership Connection Settings section, change the searchFilter to accept the user's email address on the initial login page (instead of the username)

This would correspond to the field in the enterprise directory that contains the email address, e.g. (&(mail=%v)(objectclass=*))

2. The value in the Search Attribute must be sent in a token, so assign the data store field to a SecureAuth IdP Profile Field

For example: The Search Attribute sAMAccountName is now assigned to Aux ID 1 in the Profile Fields section

(Move on to step 5)

This is a configuration example using a SQL Data Store integration and common properties, so it is not universal for every enterprise data store, but may be used as a reference to other SQL-type data stores (Oracle, ODBC, others)

1. In the SQL data store, create new Stored Procedures that are specific for the Forgot Username realm, using email (or another preferred property) as the user ID

Using SecureAuth's provided Stored Procedures and Tables, replace the Stored Procedure name with a friendly name, e.g. replace GetUser with GetUserByEmail in sp_GetUser: sp_GetUserByEmail

This differentiates the Stored Procedure from the others that employ the username as the User ID

Replace UserName with Email1 in WHERE UserName = @UserName: WHERE Email1 = @UserName

This tells SecureAuth IdP to employ the user's email address stored in Email 1 as the user ID

CREATE PROC [dbo].[sp_GetUserByEmail] @UserName VARCHAR(60)
AS
BEGIN
    SELECT UserName
        ,ISNULL([GroupList], '')
        ,ISNULL([PwdLastSet],'1/1/1900')
    FROM UserTable
    WHERE Email1 = @UserName
END
GO

Shown as an example is the Get User Stored Procedure, which must be updated for this realm

The following Stored Procedures must be updated in the same manner, but with unique, friendly names:

  • Get User (new name: GetUserByEmail)
  • Get Profile (new name: GetProfileByEmail)
  • Update Profile (new name: UpdateProfileByEmail)

2. In the Forgot Username-specific Get User Profile Stored Procedure (e.g. GetProfileByEmail), replace AuxID1 with UserName in ,IsNull(AuxID1, '') AuxID1: ,IsNull(UserName, '') AuxID1

This maps the forgotten username in the Aux ID 1 Property

CREATE PROC [dbo].[sp_GetProfileByEmail] @UserName VARCHAR(60)
AS
BEGIN
    SELECT UserName
        ,IsNull(FirstName, '') FirstName
        ,IsNull(LastName, '') LastName
        ,IsNull(Phone1, '') Phone1
        ,IsNull(Phone2, '') Phone2
        ,IsNull(Phone3, '') Phone3
        ,IsNull(Phone4, '') Phone4
        ,IsNull(Email1, '') Email1
        ,IsNull(Email2, '') Email2
        ,IsNull(Email3, '') Email3
        ,IsNull(Email4, '') Email4
        ,IsNull(UserName, '') AuxID1
        ,IsNull(AuxID2, '') AuxID2
        ,IsNull(AuxID3, '') AuxID3
        ,IsNull(AuxID4, '') AuxID4
        ,IsNull(AuxID5, '') AuxID5
        ,IsNull(AuxID6, '') AuxID6
        ,IsNull(AuxID7, '') AuxID7
        ,IsNull(AuxID8, '') AuxID8
        ,IsNull(AuxID9, '') AuxID9
        ,IsNull(AuxID10, '') AuxID10
        ,IsNull(pinHash, '') pinHash
        ,IsNull(Questions, '') Questions
        ,IsNull(Answers, '') Answers
        ,IsNull(ChallengeQuestion, '') ChallengeQuestion
        ,IsNull(ChallengeAnswer, '') ChallengeAnswer
        ,IsNull(CertResetDate, '1/1/1900') CertResetDate
        ,IsNull(CertCount, 0) CertCount
        ,IsNull(CertSerialNumber, '') CertSerialNumber
        ,IsNull(MobileResetDate, '1/1/1900') MobileResetDate
        ,IsNull(MobileCount, 0) MobileCount
        ,IsNull(ExtSyncPwdDate, '1/1/1900') ExtSyncPwdDate
        ,IsNull(HardwareToken, '') HardwareToken
        ,IsNull(iOSDevices, '') iOSDevices
        ,IsNull(OATHSeed, '') OATHSeed
        ,IsNull(OneTimeOATHList, '') OneTimeOATHList
        ,IsNull(GroupList, '') GroupList
    FROM UserTable
    WHERE Email1 = @UserName
    SELECT DigitalFP
    FROM UserFP
    WHERE Email1 = @UserName
    SELECT PNToken
    FROM UserPN
    WHERE Email1 = @UserName
    SELECT AccessHistory
    FROM UserAccessHistory
    WHERE Email1 = @UserName
END
GO

Note the updates applied to this Stored Procedure from step 1

The following steps are completed in the SecureAuth IdP Web Admin

 

3. In the Membership Connection Settings section, set the Get User SP to the friendly name of the Forgot Username-specific Get User Stored Procedure (configured in step 1), e.g. GetUserByEmail

 

4. Set the Get Profile SP and the Update Profile SP to the friendly names of the Forgot Username-specific Get User Profile and Update User Profile Stored Procedures, e.g. GetProfileByEmail and UpdateProfileByEmail

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

 

5. In the Custom Front End section, select the appropriate Profile Field from the Token Data Type (Send) dropdown

Using the same example, select Aux ID 1

Click Save once the configurations have been completed and before leaving the Workflow page to avoid losing changes

 

6. Select Forgot Username from the Authenticated User Redirect dropdown in the Post Authentication tab in the Web Admin

7. An unalterable URL auto-populates in the Redirect To field, which appends to the domain name and realm number in the address bar (Authorized/ForgotUsername.aspx)

 

8. Choose the Username Delivery Option, which is either to Display on page or to Send in email to the field designated in the searchFilter / Stored Procedures (Email 1)

Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes

 

9. Click View and Configure FormsAuth keys / SSO token to configure the token/cookie settings and to configure this realm for Single Sign-on (SSO)

These are optional configurations

Follow these steps to alter the end-user login pages to read, "Email" (or whatever is preferred) instead of "Username" in the Forgot Username realm

These optional steps are completed in the Forgot Username realm (configured above)

 

1. In the Advanced Settings section, select Content and Localization

 

2. Search for useridview_userIdLabel and change Username: to Email: (or the preferred verbiage), which displays on the initial login page, prompting the user for the User ID

3. Change the passwordview_userLabel from Username: to Email: (or the preferred verbiage), which displays on the subsequent login page, prompting the user for the password

This is only necessary if the realm's workflow has username and password on separate pages

The Username / Email field is greyed out and displays the information entered on the previous page

4. Search for useridview_usernameplaceholder and change Username to Email Address (or the preferred verbiage), which displays as a placeholder on the initial login page (with step 2) in the text box

Click Save once the configuration is complete and before leaving the Content and Localization page to avoid losing changes

Follow the step to add the Forgot Username realm link to other SecureAuth IdP realms, which displays on login pages for end-users to quickly retrieve lost credentials

This optional step is NOT completed in the Forgot Username realm, but rather in other SecureAuth IdP realms

 

1. In the Page Content section, update the Forgot Username URL field and its Location on the login page within the other SecureAuth IdP realms in which the function is available

The URL would be: /SecureAuth[ForgotUsernameRealm#]

Click Save once the configurations have been completed and before leaving the Overview page to avoid losing changes