Configuring User Self-Service
You can configure the user self-service features to use email address verification, which sends an email containing a link for user self-registration and forgotten password reset via AM's Email Service. You can also send the forgotten username to the user by email if configured.
Tip
To configure user self-registration and password recovery in the ForgeRock Identity Platform, see the ForgeRock Identity Platform Self-Service Guide.
The following table summarizes the high-level tasks required to configure the user self-service features:
Task | Resources |
---|---|
Create Encryption and Signing Keys. The user self-service features require a key pair for encryption and a signing secret key. Create one of each for each instance of user self-service you plan to configure. | |
Configure a User Self-Service Instance. Each realm requires its own instance. | |
Configure User Self-Service Security. Configure at least one security method for each feature: | |
Configure User Self-Service Features. Configure the features that your environment requires. | |
Tip
You can also delegate user self-registration to IDM.
In the AM console, go to Realms > Realm Name > Services and select Add a Service.
Select User Self-Service from the list of possible services.
Populate the values of the Encryption Key Pair Alias and the Signing Secret Key Alias properties with the names of the key pair aliases in your JCEKS keystore. The names of the demo keys appear in gray in these fields; this does not mean the fields are filled in.
For example, if you are using the demo keys in the default keystore.jceks file, set the properties as follows:
Encryption Key Pair Alias to selfserviceenctest.
Signing Secret Key Alias to selfservicesigntest.
Note
The demo key aliases are for test or evaluation purposes. Do not use them in production environments. To create new key aliases, see "To Create Self-Service Key Aliases".
(Optional) Enable the user self-service features.
Select Create.
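A pre-flight check for the alias step above, as an added example that is not part of the AM documentation: it reads a `keytool -list` listing and confirms that the Encryption Key Pair Alias is a key pair entry, the Signing Secret Key Alias is a secret key entry, and neither is a demo alias. The `prodselfservice*` aliases, the sample listing and the keystore path are constructed placeholders.

```shell
#!/bin/sh
# Audit the aliases chosen for a User Self-Service instance.
# Works on a `keytool -list` listing; for a real keystore it would come from:
#   keytool -list -storetype JCEKS -keystore /path/to/keystore.jceks   (placeholder path)

# Demo aliases named on this page; for test or evaluation only.
DEMO_ALIASES="selfserviceenctest selfservicesigntest"

# entry_type LISTING ALIAS: print the entry type of ALIAS, or nothing if absent.
entry_type() {
    printf '%s\n' "$1" | awk -F', *' -v a="$2" '
        $1 == a { t = $NF; if (t == "") t = $(NF-1); print t; exit }'
}

# check_alias LISTING ALIAS EXPECTED_TYPE: return 0 if usable, 1 otherwise.
check_alias() {
    for demo in $DEMO_ALIASES; do
        if [ "$2" = "$demo" ]; then
            echo "FAIL $2: demo alias, not for production"; return 1
        fi
    done
    found=$(entry_type "$1" "$2")
    if [ -z "$found" ]; then
        echo "FAIL $2: alias not found in keystore"; return 1
    fi
    if [ "$found" != "$3" ]; then
        echo "FAIL $2: entry is $found, expected $3"; return 1
    fi
    echo "OK   $2: $3"
}

# Constructed sample listing (not output from a real deployment).
SAMPLE='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 4 entries

selfserviceenctest, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
selfservicesigntest, Jan 1, 2024, SecretKeyEntry,
prodselfserviceenc, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
prodselfservicesign, Jan 1, 2024, SecretKeyEntry,'

check_alias "$SAMPLE" prodselfserviceenc  PrivateKeyEntry          # Encryption Key Pair Alias
check_alias "$SAMPLE" prodselfservicesign SecretKeyEntry           # Signing Secret Key Alias
check_alias "$SAMPLE" selfserviceenctest  PrivateKeyEntry || true  # demo alias is rejected
```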