Recover the One-Time Password Task with E-Mail

A one-time password (OTP) is a password that is valid for only one login session or transaction for CA Identity Manager. You can create a one-time password task by either creating a new Forgotten Password task or modifying an existing one. Users who request a one-time password from the login screen receive it as a text message or at their designated email address.
Use the following procedure to recover a one-time password by having it sent to a user's e-mail account.
 
Follow these steps:
 
  1. In the User Console, do one of the following tasks:
    • To create a copy of the Forgotten Password Reset or Forgotten User ID task (recommended), select Roles and Tasks, Admin Tasks, Create Admin Task. Select Create a copy of an admin task, and search for the task to copy. (You can also use Forgotten Password or Forgotten Login ID.)
    • To modify the default task, select Roles and Tasks, Admin Tasks, Modify Admin Task. Search for the task to modify.
      These steps assume that you use the Modify Admin Task option.
    Identity Manager displays the tasks that match the criteria you entered.
  2. Select the Forgotten Password task, and then click Select.
  3. On the Search tab, select Browse to display a list of screens to edit.
  4. Select one of the following screens, and then click Edit:
    • Forgotten Password Search
    • Forgotten User ID Search
    • Forgotten Password
    • Forgotten Login ID
  5. From the Verification Option drop-down list, select One Time Password.
  6. Configure the following sections of the One Time Password Settings based on your needs, and then submit the task (by selecting OK, then Submit):
     
     
    OTP Definition
      • OTP Lifetime: Determines how long, in minutes, an OTP is valid after it is sent to a user email.
      • Send OTP Limit: Determines how many times a user can request an OTP from their login session.

    OTP E-Mail Delivery Configuration
    Users can get their one-time passwords sent to their designated email address.
      • Email Delivery: Identify User Attributes containing an Email Address
    This section displays the selected user attributes that contain an email address. If you are using the Out-Of-The-Box configuration, the Primary Email and Alternate Email user attributes automatically populate this section.
      • Attribute Name: Use the drop-down to select the user attributes that contain an email address. Email addresses are the Primary Email and Alternate Email user attributes in the Out-Of-The-Box environment.
      • Hide first and Hide last: The OTP Verification screen displays the email address where the one-time password is sent. Use these fields to enter the number of characters to mask in the user email.
     
     
    OTP Verification Screen
      • Verification Screen Resource Bundle: A resource bundle is an Identity Manager file that associates user interface elements with locale-specific text strings, such as error messages. The default should suffice.
      • Profile Screen for OTP Verify: The screen that is seen by end users when they want to request a one-time password. The default is Forgotten Password Verify OTP.
        Note: If you are upgrading from a version of Identity Manager that does not have the OTP feature, use the Management Console to configure the ForgottenPasswordHandler logical attribute to set up the logical attribute |DeliveryOptions|.
        Follow these steps:
        1. In the Management Console, select Home, Environment, <your environment>, Advanced Settings, Logical Attribute Handlers, and then ForgottenPasswordHandler.
        2. In the Logical Attributes section, add a new logical attribute with the following properties:
          • Name: Delivery Options
          • Attribute: |DeliveryOptions|
        3. Select and Add, and then Save.
        4. To apply this addition, restart your environment.
  7. Click OK to return to the Select Screen Definition screen.
  8. Click Select, and then Submit.
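
The effect of the OTP Lifetime, Send OTP Limit, and Hide first / Hide last settings from step 6, modeled as an added example (this is not CA Identity Manager code). The constant values, the 8-digit OTP format, the hashed storage, and the masking rule (the first N and last N characters of the whole address) are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Hypothetical values standing in for the One Time Password Settings fields.
OTP_LIFETIME_MINUTES = 5        # "OTP Lifetime"
SEND_OTP_LIMIT = 3              # "Send OTP Limit"
HIDE_FIRST, HIDE_LAST = 3, 4    # "Hide first" / "Hide last"


def mask_email(address, hide_first=HIDE_FIRST, hide_last=HIDE_LAST):
    """Mask leading and trailing characters (assumed masking rule)."""
    n = len(address)
    first = min(hide_first, n)
    last = min(hide_last, n - first)
    return "*" * first + address[first:n - last] + "*" * last


class OtpSession:
    """Tracks OTP requests for one forgotten-password login session."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sent = 0
        self.digest = None
        self.expires_at = 0.0

    def request_otp(self):
        """Issue a new OTP, or return None once the send limit is reached."""
        if self.sent >= SEND_OTP_LIMIT:
            return None
        otp = f"{secrets.randbelow(10**8):08d}"
        # Keep only a hash, so the stored state does not reveal the OTP.
        self.digest = hashlib.sha256(otp.encode()).digest()
        self.expires_at = self.clock() + OTP_LIFETIME_MINUTES * 60
        self.sent += 1
        return otp

    def verify(self, candidate):
        """Accept the latest OTP once, and only inside its lifetime."""
        if self.digest is None or self.clock() >= self.expires_at:
            self.digest = None
            return False
        ok = hmac.compare_digest(
            hashlib.sha256(candidate.encode()).digest(), self.digest)
        if ok:
            self.digest = None   # one-time: a used OTP cannot be replayed
        return ok
```
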
Verify the OTP
When users click "Forgot Password?" on the login page, they are prompted to enter their login ID. They must perform the following steps:
  1. Enter the login ID, and then click OK.
    A verification page opens.
  2. Select the Delivery Options radio button.
  3. Select Send me an OTP. The new, temporary one-time password is sent to their email address.
  4. Copy the one-time password and then paste it into the Enter generated OTP here field.
  5. Select OK to display the confirmation screen.
  6. Copy the temporary password that is displayed on this screen (the characters after Confirmation: Temporary password is: ).
  7. Select OK.
  8. Log in using the name and temporary password you copied.
  9. Change and confirm the password, and then click Submit.
    A confirmation screen opens.
  10. Click OK to return to the User Console.