How To

How do I stop IDM (All versions) prompting users for their current password during password reset?

Last updated Apr 29, 2019

The purpose of this article is to provide information on configuring IDM to not prompt users for their current password when they reset it using the user password reset feature. You will need to use this configuration in situations where the user will not know their password; for example, if they log in with a social provider or if you have just imported new users into IDM.

Configuring IDM

You can configure IDM so that users are not prompted for their current password by setting the password isProtected property to false in the managed.json file (located in the /path/to/idm/conf directory). For example:

                    "password" : {
                        "title" : "Password",
                        "description" : "Password",
                        "type" : "string",
                        "isProtected": false,
                        "usageDescription" : "",
                        "isPersonal" : false,

Setting the isProtected property to false means users won't be asked to reauthenticate (enter their current password) when they reset their password.

See Also

How do I initiate the password reset functionality in IDM 5.x and OpenIDM 4.x via the REST API?

Link in Password Reset and User Registration emails does not work in Microsoft Outlook with IDM 5.x, 6 -, 6.5.0 and OpenIDM 4.x

Integrator's Guide › User Password Reset

Self-Service REST API Reference › Password Reset Process

Integrator's Guide › Creating and Modifying Managed Object Types

Related Training


Related Issue Tracker IDs

OPENIDM-11536 (Cannot set user password for user created through full-stack social registration)

OPENIDM-6325 (Users which have no password should not be prompted to enter their current password)

Copyright and TrademarksCopyright © 2019 ForgeRock, all rights reserved.