Password and identifier recovery

This page walks you through the different options of self-service account recovery.

Allow self-service username reminders

This setting adds a "Forgot your username?" link to the self-service login screen.

Identifier screen

Identifier screen


When requesting a username reminder, customers are asked to provide an email address.

Username reminders work for two types of identity stores:

When both identifiers are required

Both username and email address are required by the identity store and customers can use either of them to identify themselves.

When asking for a username reminder, customers have to provide their email identifier for this type of identity store.

When only username identifier is required

Customers can only identify themselves by the username they've provided at registration.

They can still ask for a username reminder, but they have to request it to an email address they've added to their profile as basic information.


If the email address is missing from a customer's account information, administrators can add it via the Admin Console.


Disable username reminders if your application's identity store only supports the email identifier.

Allow self-service password reset

This setting adds a self-service password reset option to the login screen.

Login screen with self-service password reset option

Password step

The option is displayed after customers have successfully identified themselves by a username or email address.


In case of identity stores that only support the 'USERNAME' identifier, the password reset option is only available when a customer has a confirmed email address or phone number.

When customers request password reset,

  • they are sent a secure link to their confirmed email address or
  • they are provided with a one-time passcode via their confirmed phone number

If customers have a confirmed email address and a confirmed phone number, they are sent a reset link by default, but can re-request password reset via phone.

If customers only have a confirmed phone number, a one-time passcode is provided for password reset.


Customers can also choose to have their passcode in a voice call.

Password reset workflows

Password reset workflows


If you disable self-service password reset at login, your service desk can still provide password support for your customers via the Admin Console.

Lifetime of password reset by email

Specify how much time customers have for using the Magic Link.


The lifetime of the link is set to 60 minutes by default. The link should be considered and treated as a secret.

Lifetime of password reset passcode by Phone

Specify how much time customers have for using a passcode.


The lifetime of the passcode is set to 6 minutes by default.

Length of password reset passcode by phone

You can specify the length of the one-time passcodes sent to customers.


The default passcode length is set to 6 characters.

Allow customers to change their password

Allow your customers to reset their password in their self-service account (MyAccount page).

Self-service password management dialogue

If you disable this option, your

  1. customers can still use the password reset email option (if enabled) at login
  2. service desk can still provide password support via the Admin Console

Defer password input

When enabled, this option places the password input fields at the end of the registration flow (if password authentication is required in the workflow).

This allows you to insert event hooks in the registration journey to check customer data against a third-party system, prepare account migration, or just lead customers through a flexible progressive profiling experience.