

Forgot Password Flow

End users who forget their LDAP password can reset it by answering the secret questions they set during enrollment. After the password is changed, a new ArcotID is placed on the end user's device.

Prerequisites:

This flow is based on the following configurations:

The Flow:

  1. In a browser window, the end user attempts to access a protected resource.
  2. On the login page, the end user specifies their user name and clicks the Forgot Password link.
  3. The end user is prompted for secondary authentication, and the following steps take place:
     1. The Advanced Authentication application invokes IdentityMinder to retrieve the security questions.
        The page with the challenge questions is presented to the end user. On the same page, the end user can specify whether the ArcotID PKI must be stored for future sessions.
     2. The end user answers the security questions.
     3. The Advanced Authentication application invokes IdentityMinder again to verify the answers.
  4. The browser displays the login page with the user name and challenges the end user for the new password. The end user provides a new password.

Note: This flow also applies when a credential expires. The only difference is that the end user does not click the "Forgot Password" link.