Access Management 7.3.1

User self-service

The user self-service feature lets your customers self-register on your website, securely reset forgotten passwords and retrieve their usernames.

AM’s user self-service capabilities greatly reduce help desk costs and provide a rich online experience that strengthens customer loyalty.

Features
User self-registration

Lets non-authenticated users register on your site. You can add security features like email verification, knowledge-based authentication (KBA) security questions, Google reCAPTCHA, and custom plugins to augment the self-registration process.

Knowledge-based authentication security questions

Supports the capability to present security questions during the registration process. When enabled, the user is prompted to enter answers to pre-configured or custom security questions. Then, during the forgotten password or forgotten username process, the user is presented with the security questions, and must answer them correctly to continue the process.

Forgotten password reset

Lets registered users already in your system reset their passwords. The default password policy is set in the underlying directory server and requires a minimum password length of eight characters by default. If security questions are enabled, users must also correctly answer their pre-configured security questions before resetting their passwords.

Forgotten username support

Lets users retrieve their forgotten usernames. If security questions are enabled, users must also correctly answer their pre-configured security questions before retrieving their usernames.

Google reCAPTCHA plugin

Supports the ability to add a Google reCAPTCHA plugin to the registration page. This plugin protects against any software bots that can be used against your site.

Configurable plugins

Supports the ability to add plugins to customize the user services process flow. You can develop your custom code and drop the .jar file into your container.

Customizable confirmation emails

Supports the ability to customize or localize confirmation emails in plain text or HTML.

The OTP Email Sender node supports plain text notifications only. You cannot include HTML-rich notifications that use information from shared or transient state. If you need to support HTML notifications, you can use a Groovy script with a private HTTP client that makes the REST API calls and place the output in a scripted decision node.
Password policy configuration

Supports password policy configuration, which is enforced by the underlying DS server and manually aligned with frontend UI templates. The default password policy requires a password with a minimum length of eight characters.

Self-registration user attribute allowlist

Supports attribute allowlisting, which lets you specify which attributes can be set by the user during account creation.

The user self-service feature supports a number of different user flows depending on how you configure your security options. These options include email verification, security questions, Google reCAPTCHA, and any custom plugins that you create.

Forgotten username retrieval and forgotten password reset support various user flows, depending on how you configure your security options. If you enabled security questions and the user entered responses to each question during self-registration, the security questions are presented to the user in random order.

Copyright © 2010-2024 ForgeRock, all rights reserved.