Password and identifier recovery
This page walks you through the different options of self-service account recovery.
Allow self-service username reminders
This setting adds a "Forgot your username?" link to the self-service login screen.
When requesting a username reminder, customers are asked to provide an email address.
Username reminders work for two types of identity stores:
When both identifiers are required
Both username and email address are required by the identity store and customers can use either of them to identify themselves.
When asking for a username reminder, customers have to provide their email identifier for this type of identity store.
When only username identifier is required
Customers can only identify themselves by the username they've provided at registration.
They can still ask for a username reminder, but they have to request it to an email address they've added to their profile as basic information.
If the email address is missing from a customer's account information, administrators can add it via the Admin Console.
Disable username reminders if your application's identity store only supports the email identifier.
Allow self-service password reset
This setting adds a self-service password reset option to the login screen.
The option is displayed after customers have successfully identified themselves by a username or email address.
In case of identity stores that only support the 'USERNAME' identifier, the password reset option is only available when a customer has a confirmed email address or phone number.
When customers request password reset,
- they are sent a secure link to their confirmed email address or
- they are provided with a one-time passcode via their confirmed phone number
If customers have a confirmed email address and a confirmed phone number, they are sent a reset link by default, but can re-request password reset via phone.
If customers only have a confirmed phone number, a one-time passcode is provided for password reset.
Customers can also choose to have their passcode in a voice call.
If you disable self-service password reset at login, your service desk can still provide password support for your customers via the Admin Console.
Lifetime of password reset by email
Specify how much time customers have for using the Magic Link.
The lifetime of the link is set to 60 minutes by default. The link should be considered and treated as a secret.
Lifetime of password reset passcode by Phone
Specify how much time customers have for using a passcode.
The lifetime of the passcode is set to 6 minutes by default.
Length of password reset passcode by phone
You can specify the length of the one-time passcodes sent to customers.
The default passcode length is set to 6 characters.
Allow customers to change their password
Allow your customers to reset their password in their self-service account (MyAccount page).
If you disable this option, your
- customers can still use the password reset email option (if enabled) at login
- service desk can still provide password support via the Admin Console
Defer password input
When enabled, this option places the password input fields at the end of the registration flow (if password authentication is required in the workflow).
This allows you to insert event hooks in the registration journey to check customer data against a third-party system, prepare account migration, or just lead customers through a flexible progressive profiling experience.
Updated 17 days ago