Recover the One-Time Password Task with E-Mail
A one-time password (OTP) is a password that is valid for only one login session or transaction in CA Identity Manager. You can create a one-time password task either by creating a new Forgotten Password task or by modifying an existing one. Users who request a one-time password from the login screen receive it as a text message or at their designated email address.
Use the following procedure to recover a one-time password by having it sent to a user's e-mail account.
Follow these steps:
- In the User Console, do one of the following tasks:
  - To create a copy of the Forgotten Password Reset or Forgotten User ID task (recommended), select Roles and Tasks, Admin Tasks, Create Admin Task. Select Create a copy of an admin task, and search for the task to copy. (You can also use Forgotten Password or Forgotten Login ID.)
  - To modify the default task, select Roles and Tasks, Admin Tasks, Modify Admin Task. Search for the task to modify. These steps assume that you use the Modify Admin Task option.
  Identity Manager displays the tasks that match the criteria you entered.
- Select the Forgotten Password task, and then click Select.
- On the Search tab, select Browse to display a list of screens to edit.
- Select one of the following screens, and then click Edit:
- Forgotten Password Search
- Forgotten User ID Search
- Forgotten Password
- Forgotten Login ID
- From the Verification Option drop-down list, select One Time Password.
- Configure the following sections of the One Time Password Settings based on your needs, and then submit the task (by selecting OK, then Submit):
OTP Definition
- OTP Lifetime: Determines how long, in minutes, an OTP remains valid after it is sent to the user's email address.
- Send OTP Limit: Determines how many times a user can request an OTP during a login session.
OTP E-Mail Delivery Configuration
Users can have their one-time passwords sent to their designated email address.
- Email Delivery: Identify User Attributes containing an Email Address
This section displays the selected user attributes that contain an email address. If you are using the out-of-the-box configuration, the Primary Email and Alternate Email user attributes automatically populate this section.
- Attribute Name: Use the drop-down list to select the user attributes that contain an email address. In the out-of-the-box environment, the email addresses are the Primary Email and Alternate Email user attributes.
- Hide first and Hide last: The OTP Verification screen shows the email address to which the one-time password is sent. Use these fields to enter the number of characters to mask in the user's email address.
OTP Verification Screen
- Verification Screen Resource Bundle: A resource bundle is an Identity Manager file that associates user interface elements with locale-specific text strings, such as error messages. The default should suffice.
- Profile Screen for OTP Verify: The screen that end users see when they want to request a one-time password. The default is Forgotten Password Verify OTP.
Note: If you are upgrading from a version of Identity Manager that does not have the OTP feature, use the Management Console to configure the ForgottenPasswordHandler logical attribute handler to set up the logical attribute |DeliveryOptions|. Follow these steps:
- In the Management Console, select Home, Environment, <your environment>, Advanced Settings, Logical Attribute Handlers, and then ForgottenPasswordHandler.
- In the Logical Attributes section, add a new logical attribute with the following properties:
- Name: Delivery Options
- Attribute: |DeliveryOptions|
- Select and Add, and then Save.
- To apply this addition, restart your environment.
- Click OK to return to the Select Screen Definition screen.
- Click Select, and then Submit.
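The OTP Lifetime, Send OTP Limit and Hide first/Hide last settings above, modelled as an added Python example (not CA Identity Manager's own code): the 10-minute lifetime, 3-send limit and 8-digit code are constructed values, the masking rule is an assumption about what the two fields do, and time is counted in whole minutes since the login session started.

```python
import secrets
import string

# Constructed values for the two "OTP Definition" settings (assumed, not product defaults).
OTP_LIFETIME_MINUTES = 10   # "OTP Lifetime"
SEND_OTP_LIMIT = 3          # "Send OTP Limit"


def mask_email(address, hide_first, hide_last):
    """Mask the address shown on the OTP Verification screen. Assumed semantics of
    "Hide first"/"Hide last": that many characters at each end of the address become '*'."""
    if hide_first + hide_last >= len(address):
        return "*" * len(address)
    return "*" * hide_first + address[hide_first:len(address) - hide_last] + "*" * hide_last


class OtpSession:
    """One user's login session. Time is modelled as whole minutes since the session
    started. Holds the send counter (Send OTP Limit) and a single-use code that expires
    OTP Lifetime minutes after it was sent."""

    def __init__(self, email, lifetime_minutes=OTP_LIFETIME_MINUTES, send_limit=SEND_OTP_LIMIT):
        self.email, self.lifetime_minutes, self.send_limit = email, lifetime_minutes, send_limit
        self.sends, self.code, self.expires_at = 0, None, None

    def send(self, now_minute):
        """Issue a fresh 8-digit code, or refuse once the per-session send limit is reached."""
        if self.sends >= self.send_limit:
            raise PermissionError("Send OTP Limit reached for this login session")
        self.sends += 1
        self.code = "".join(secrets.choice(string.digits) for _ in range(8))
        self.expires_at = now_minute + self.lifetime_minutes
        return self.code  # the product emails this to self.email; returned only for the demo

    def verify(self, candidate, now_minute):
        """Accept the code once, and only before OTP Lifetime has elapsed."""
        if self.code is None or now_minute > self.expires_at:
            return False
        ok = secrets.compare_digest(candidate.encode(), self.code.encode())
        if ok:
            self.code = None  # single use: submitting the same code again is rejected
        return ok
```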
Verify the OTP
When users click "Forgot Password?" on the login page, a prompt appears for them to enter their login ID. They must perform the following steps:
- Enter the login ID, and then click OK. A verification page opens.
- Select the Delivery Options radio button.
- Select Send me an OTP. The new, temporary one-time password is sent to their email address.
- Copy the one-time password and then paste it into the Enter generated OTP here field.
- Select OK to display the confirmation screen.
- Copy the temporary password that is displayed on this screen (the characters after "Confirmation: Temporary password is:").
- Select OK.
- Log in using the name and temporary password you copied.
- Change and confirm the password, and then click Submit. A confirmation screen opens.
- Click OK to return to the User Console.