How do I stop IDM (All versions) prompting users for their current password during password reset?
The purpose of this article is to provide information on configuring IDM to not prompt users for their current password when they reset it using the user password reset feature. You will need to use this configuration in situations where the user will not know their password; for example, if they log in with a social provider or if you have just imported new users into IDM.
Configuring IDM
You can configure IDM so that users are not prompted for their current password by setting the password isProtected property to false in the managed.json file (located in the /path/to/idm/conf directory). For example:
"password" : {
"title" : "Password",
"description" : "Password",
"type" : "string",
...
"isProtected": false,
"usageDescription" : "",
"isPersonal" : false,
Setting the isProtected property to false means users won't be asked to reauthenticate (enter their current password) when they reset their password.
See Also
Integrator's Guide › User Password Reset
Self-Service REST API Reference › Password Reset Process
Integrator's Guide › Creating and Modifying Managed Object Types
Related Training
N/A
Related Issue Tracker IDs
OPENIDM-11536 (Cannot set user password for user created through full-stack social registration)
OPENIDM-6325 (Users which have no password should not be prompted to enter their current password)