Advanced Authentication Service › Getting Started with Advanced Authentication › Advanced Authentication Flows › Advanced Authentication Flows › ArcotID OTP-Based Flows › Forgot My PIN Flow

Forgot My PIN Flow

This section describes how end users who forget their PIN can reset it.

The flow described here is based on the following assumptions:

• An ArcotID PKI credential has been issued to the end user.
• The end user had set the PIN at the time of enrollment, but has forgotten it.

End users can reset their PIN as follows:

1. When trying to access a protected resource in a browser, the end user is prompted for their user name and OTP.
2. The end user, who has forgotten their PIN, specifies their user name and clicks the Help icon next to the One Time Password field.

   The resulting help page provides three links to enroll for advanced authentication, reset PIN, and perform roaming authentication.

3. The end user clicks the Forgot my PIN link.
4. On the resulting page, the end user is prompted for secondary authentication using the security question or security code mechanism.
5. The end user successfully completes the secondary authentication.
6. Depending on whether two-step authentication is enabled or not, either of the following steps take place:
   • If two-step authentication is not enabled, the end user is sent an activation email with a one-time password.
   • If two-step authentication is enabled:
     1. The end user is authenticated again using another form of secondary authentication.

     Note: If security question was used the first time, then security code is used in this step. Conversely, if security code was used the first time, then security question is used in this step.

     1. If the verification is successful, the end user is sent an activation email a one-time password.
7. The end user is prompted for this one-time password, after which they can set a new PIN and confirm the same.
8. On resetting their PIN, a new ArcotID OTP credential is placed on the end user’s device.

   The end user will get mail with details to download the ArcotID OTP card in the ArcotID OTP client.

9. The end user is then taken back to the login page to proceed with authentication.