Password Recovery

Password Recovery Addon

Introduction to Password Recovery

What is Password Recovery?

Password recovery is an addon provided by Soffid. This addon allows end-users to recover their passwords.

Soffid provides functionality to configure password recovery according to business needs, using different technical solutions. The currently available options are the following:

Use cases

Email recovery

When an end-user wants to recover his password with the email recovery method, Soffid will send an email with a PIN code to the end-user to recover his password.

The end-user must enter the PIN code and, if it is right, Soffid will display a window to write and confirm the new password.

Questions and Answers recovery

When an end-user wants to recover his password with the Questions and Answers recovery method, Soffid will display a window to answer the questions previously configured by the end-user in the Self service portal.

If the answers are right, Soffid will display a window to write and confirm the new password.

Remember that the Questions and Answers must be configured in the Self service portal before this recovery method can be used. Otherwise, an error will be displayed and the end-user will have to contact an administrator user.

OTP recovery

When an end-user wants to recover his password with the OTP recovery method, Soffid will display a window to enter the PIN code. The user will need to get the PIN code from an OTP application (Free Otp+, Google Authenticator and Microsoft Authenticator are the most used).

The end-user must enter the PIN code and, if it is right, Soffid will display a window to write and confirm the new password.

Remember that an OTP device must be configured in the Self service portal before this recovery method can be used. Otherwise, an error will be displayed and the end-user will have to contact an administrator user.

For more information about the OTP method, you can visit the Two factor authentication (2FA) book.

SMS recovery

When an end-user wants to recover his password with the SMS recovery method, Soffid sends an SMS to the end-user with a PIN code to recover his password.

The end-user must enter the PIN code and, if it is right, Soffid will display a window to write and confirm the new password.

ESSO

End-users can recover their passwords using ESSO.


Password Recovery questions

1. How long is a challenge/PIN valid? Currently, it is 30 minutes.

2. How many times can a wrong PIN be entered? There is no limit.

3. Do old challenges / PINs stay active when a new one is requested? Yes, they are active.
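Taken together, these answers mean that every PIN issued in the last 30 minutes is still accepted and that the add-on does not limit wrong entries, so monitoring for repeated failures is left to the operator. The following added example (not Soffid code) shows one way to flag such activity over a sliding 30-minute window; the event names, the log format and both thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PIN_VALIDITY = timedelta(minutes=30)  # from the page: a PIN is valid for 30 minutes
MAX_WRONG_PINS = 3         # assumption: alert threshold chosen for this example
MAX_ACTIVE_CHALLENGES = 2  # assumption: alert threshold chosen for this example

# Constructed sample events; the "timestamp user event" format is hypothetical.
SAMPLE_EVENTS = """\
2024-03-25T10:00:00 alice PIN_REQUESTED
2024-03-25T10:01:00 alice PIN_WRONG
2024-03-25T10:02:00 alice PIN_OK
2024-03-25T11:00:00 bob PIN_REQUESTED
2024-03-25T11:05:00 bob PIN_REQUESTED
2024-03-25T11:10:00 bob PIN_REQUESTED
2024-03-25T11:11:00 bob PIN_WRONG
2024-03-25T11:12:00 bob PIN_WRONG
2024-03-25T11:13:00 bob PIN_WRONG
2024-03-25T11:14:00 bob PIN_WRONG
2024-03-25T12:00:00 carol PIN_WRONG
2024-03-25T12:15:00 carol PIN_WRONG
2024-03-25T12:30:00 carol PIN_WRONG
2024-03-25T12:45:00 carol PIN_WRONG
"""

def detect(log_text):
    """Return sorted (user, reason) alerts for events inside the PIN validity window."""
    wrong = defaultdict(deque)      # user -> timestamps of recent wrong PINs
    requested = defaultdict(deque)  # user -> timestamps of PINs that may still be valid
    alerts = set()
    for line in log_text.strip().splitlines():
        stamp, user, event = line.split()
        now = datetime.fromisoformat(stamp)
        # Forget anything older than the validity window.
        for queue in (wrong[user], requested[user]):
            while queue and queue[0] <= now - PIN_VALIDITY:
                queue.popleft()
        if event == "PIN_REQUESTED":
            requested[user].append(now)
            if len(requested[user]) > MAX_ACTIVE_CHALLENGES:
                alerts.add((user, "many_active_challenges"))
        elif event == "PIN_WRONG":
            wrong[user].append(now)
            if len(wrong[user]) > MAX_WRONG_PINS:
                alerts.add((user, "repeated_wrong_pin"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, reason in detect(SAMPLE_EVENTS):
        print(user, reason)
```

In the sample, carol enters four wrong PINs but never more than two inside one 30-minute window, so only bob is reported.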

How to install Password Recovery in Soffid

Installation

Download

Please download the Soffid Password Recovery add-on.

You can download it at the following link http://www.soffid.com/download/enterprise/ if you have a Soffid user with authorization, or at http://download.soffid.com/download/ by registering.

Upload

Once the Password Recovery add-on is downloaded, please log in to IAM Console.

You need to be an administrator user of the Soffid console or a user with permissions to upload addons.

In the Soffid console, please go to "Main Menu > Administration > Configure Soffid > Global Settings > Plugins" and upload the addon file. For more information, visit the Addons Getting started page.

Finally, when the addon is installed, the Soffid Console must be restarted.

Password recovery configuration

Description

Soffid provides functionality that allows users to recover their passwords. To do that, the admin user, or a user with the proper roles, must configure the password recovery parameters.

Screen Overview

image-1711378217620.png

Custom attributes

Actions

Confirm changes

Allows you to save the password recovery configuration. To save the data, the required fields must be filled in.


Password recovery configuration

Configure Default questions

Description

Soffid allows the administrator user, or a user with the proper roles, to configure the default questions that will be displayed to the end-users. Those questions will be the default questions; the end-users can change them and configure other questions.

To configure the question & answer recovery, the administrator user needs to configure some parameters in the "Password recovery questions" tab:

Once the question & answer recovery parameters are configured, the end-users must complete the answers in the Self-service portal in order to use this password recovery method when necessary.

Screen Overview

Default questions

image-1638285896779.png

Parameters

image-1639393852036.png

Actions

Add

Allows you to add a new question to the question list.

First of all, you need to click the add button (+); Soffid will then add a new row to write the new question. You must confirm the changes by clicking the "Confirm changes" button.

Delete

Allows you to delete one by one the default questions. 

You need to click the subtraction icon at the end of the line that you want to delete.

 

Password recovery questions

Description

Soffid allows the end-user to configure the questions and answers in the Soffid console, so that the password can be recovered when necessary.

The option to configure the Questions and Answers is on the My Profile page. On this page, the user can configure their own questions and answers.

The Enforce fill-in questions parameter in the Soffid Password recovery configuration makes Soffid keep asking the end-user for the answers until they are filled in.

Screen Overview

My profile

The end-user can fill in the existing questions or add new questions.

image-1644233159500.png

 

Password recovery

 

Actions

Add

Allows you to add a new question to the question list.

First of all, you need to click the add button (+); Soffid will then add a new row to write the new question. You must confirm the changes by clicking the "Confirm changes" button.

Delete

Allows you to delete one by one the default questions. 

You need to click the subtraction icon at the end of the line that you want to delete.

Close

Allows you to close the form and save the updates.

Recover password

By clicking the Recover password option on the login page, the user can recover their password, in this case using the password recovery questions.

Once the user clicks this option, Soffid will ask for the user name, retrieve the recovery questions and display them. The user must fill in the answers and click the recover button. If the answers are correct, Soffid allows the user to type a new password.