Password and identifier recovery

This page walks you through the different options of self-service account recovery.

Allow self-service username reminders

This setting adds a "Forgot your username?" link to the self-service login screen. Customers can have the reminders sent to either their email address or phone number. You can find out more about the username reminder customer experience at the link.


If an email address or phone is missing from a customer's account information, administrators can add it via the Admin Console.

Identifier screen

Identifier screen

Username reminders work for identity stores that support usernames.


Disable username reminders if your application's identity store only supports the email identifier.

Allow self-service password reset

This setting adds a self-service password reset option to the login screen.

Login screen with self-service password reset option

Password step

The option is displayed after customers have successfully identified themselves by a username or email address.


In case of identity stores that only support the 'USERNAME' identifier, the password reset option is only available when a customer has a confirmed email address or phone number.

When customers request password reset,

  • they are sent a secure link to their confirmed email address or
  • they are provided with a one-time passcode via their confirmed phone number

If customers have a confirmed email address and a confirmed phone number, they are sent a reset link by default, but can re-request password reset via phone.

If customers only have a confirmed phone number, a one-time passcode is provided for password reset.


Customers can also choose to have their passcode in a voice call.

Password reset workflows

Password reset workflows


If you disable self-service password reset at login, your service desk can still provide password support for your customers via the Admin Console.

Lifetime of password reset by email

Specify how much time customers have for using the Magic Link.


The lifetime of the link is set to 60 minutes by default. The link should be considered and treated as a secret.

Lifetime of password reset passcode by Phone

Specify how much time customers have for using a passcode.


The lifetime of the passcode is set to 6 minutes by default.

Length of password reset passcode by phone

You can specify the length of the one-time passcodes sent to customers.


The default passcode length is set to 6 characters.

Allow customers to change their password

Allow your customers to reset their password in their self-service account (MyAccount page).

Self-service password management dialogue

If you disable this option, your

  1. customers can still use the password reset email option (if enabled) at login
  2. service desk can still provide password support via the Admin Console

Defer password input

When enabled, this option places the password input fields at the end of the registration flow (if password authentication is required in the workflow).

This allows you to insert event hooks in the registration journey to check customer data against a third-party system, prepare account migration, or just lead customers through a flexible progressive profiling experience.