Enabling forgotten password authentication

When a user forgets the IBM Verify Identity Governance password and must reset it, the user must verify credentials with the system.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

About this task

An administrator typically defines the forgotten password challenges for a user to attempt a forgotten password recovery.

Note: This task is effective only if a WebSphere® account repository is specified. This field is on the ITIM Service Manage Services > Change a Service > Service Information page. This repository can be ITIM Service or a service managed by the Identity Manager server. If no registry is specified, the forgotten password option is not available on the Login page.

Respond to a set of forgotten password challenges with answers that you previously specified. Responses are not case-sensitive by default, because the enrole.challengeresponse.responseConvertCase property in the enRole.properties file has a default value of lower. The answers are stored in lowercase in the directory server, and an answer that you enter is converted to lowercase when it is compared with the stored answers. If you want answers to be case-sensitive, change the value of enrole.challengeresponse.responseConvertCase from lower to none.

Note: The requirement that a user must answer the challenge questions is configurable. By default, the user can bypass the challenge questions. You can force the user to respond to the challenge questions by modifying the property ui.challengeResponse.bypassChallengeResponse in the ui.properties file. To force user response, set the value to false. For more information, see the ui.properties topic in the Reference > Supplemental property files section.
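
Added example (not part of the product documentation): a small Python check that reads the contents of enRole.properties and ui.properties and reports whether answers are case-sensitive and whether challenge questions are forced. The function names and sample file contents are constructed for illustration, and treating a missing bypassChallengeResponse key as true is an assumption inferred from the default behavior described above.

```python
def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, '=' or ':' separators,
    backslash line continuations. Whitespace-only separators are not handled."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]  # join with the next physical line
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def audit(enrole_text, ui_text):
    """Return the effective forgotten-password settings described on this page."""
    enrole = parse_properties(enrole_text)
    ui = parse_properties(ui_text)
    # Page: default is "lower"; only "none" makes answers case-sensitive.
    case_mode = enrole.get("enrole.challengeresponse.responseConvertCase", "lower")
    # Page: users can bypass by default; only "false" forces a response.
    # Treating a missing key as "true" is an assumption inferred from that default.
    bypass = ui.get("ui.challengeResponse.bypassChallengeResponse", "true")
    return {
        "case_sensitive_answers": case_mode == "none",
        "challenge_forced": bypass == "false",
    }


# Constructed sample file contents (not from a real installation).
DEFAULT_ENROLE = "# enRole.properties\nenrole.challengeresponse.responseConvertCase=lower\n"
DEFAULT_UI = "# ui.properties\nui.challengeResponse.bypassChallengeResponse=true\n"
HARDENED_ENROLE = "enrole.challengeresponse.responseConvertCase = none\n"
HARDENED_UI = "ui.challengeResponse.bypassChallengeResponse: false\n"

if __name__ == "__main__":
    print("default :", audit(DEFAULT_ENROLE, DEFAULT_UI))
    print("hardened:", audit(HARDENED_ENROLE, HARDENED_UI))
```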