WSO2 Identity Server allows users to recover their account username or password via a user-preferred channel. After initiating a username or password recovery, the user is prompted to select a recovery channel and is then notified via the selected notification channel.

This page guides you through configuring a user-preferred channel for account recovery and trying it out. 

Account recovery flow

  • The user provides a set of unique claims to identify the user account.  
  • Then, the server will prompt the user to select one of the available notification channels to receive the recovery notification.
  • The user selects a notification channel.
  • The server sends the recovery notification to the user via the preferred notification channel.
  • If the flow is initiated for password recovery and the preferred channel is:
    • Email: Click on the reset link in the email and reset the password.
    • SMS: Provide the received One-Time Password (OTP) and reset the password.
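
The SMS branch of the flow above, modelled as an added example (not WSO2 Identity Server code, and not taken from this page): a code is issued, then accepted only once, within an expiry window and an attempt limit. The function names, the user record, the 60-second expiry and the three-attempt limit are assumptions; only the SMS body text follows the password reset template on this page.

```python
import hmac
import secrets
import time

OTP_EXPIRY_SECONDS = 60  # assumed value, standing in for an OTP expiry setting
MAX_ATTEMPTS = 3         # assumed limit, not from the page
# Constructed user record; channel names mirror the page's Email/SMS options.
USERS = {"alice": {"channels": {"SMS": "+10000000000", "EMAIL": "alice@example.test"}}}
_pending = {}  # username -> {"code", "issued", "attempts"}


def available_channels(username):
    """Channels the server can offer the identified user."""
    user = USERS.get(username)
    return sorted(user["channels"]) if user else []


def initiate_sms_recovery(username, now=None):
    """Issue a 6-digit OTP and return the SMS body that would be sent."""
    if "SMS" not in available_channels(username):
        raise ValueError("SMS channel not available")
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
    issued = time.time() if now is None else now
    _pending[username] = {"code": code, "issued": issued, "attempts": 0}
    return f"Your One-Time Password is : {code}"


def confirm_otp(username, submitted, now=None):
    """True only for an unexpired, unused code within the attempt limit."""
    entry = _pending.get(username)
    if entry is None:
        return False
    now = time.time() if now is None else now
    if now - entry["issued"] > OTP_EXPIRY_SECONDS or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # expired or locked out: a new code is required
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
        del _pending[username]  # single use
        return True
    return False
```
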

...

  1. Click Resident under Identity Providers.
  2. Expand Account Management Policies and then expand Account Recovery.
  3. Select Enable Notification Based Password Recovery and Enable Username Recovery.
  4. Set the SMS OTP Expiry Time to configure the validity period of the OTP codes.
  5. Select Internal Notification Management to enable sending notifications from WSO2 Identity Server. WSO2 IS is capable of sending notifications via Email or SMS.
  6. Add the following SMS templates to the registry. For instructions, see Managing SMS Notification Templates Using the Registry.
    • passwordReset
    • passwordResetSucess 
    • resendPasswordReset
    • accountIdRecovery
    Template Properties

    Username recovery template

    • Folder name: accountidrecovery
    • Resource name: en_us
    • Body = ["Hello, your username is {{userstore-domain}}/{{user-name}}@{{tenant-domain}}"] 
    • display : accountIdRecovery 
    • type : accountIdRecovery 
    • locale : en_US

    Password reset notification template

    • Folder name: passwordreset
    • Resource name: en_us
    • Body = ["Your One-Time Password is : {{confirmation-code}}"]
    • display : passwordReset 
    • type : passwordReset 
    • locale : en_US

    Password reset successful template

    • Folder name: passwordresetsucess
    • Resource name: en_us
    • Body = ["Successful Password Reset"] 
    • display : passwordResetSucess 
    • type : passwordResetSucess 
    • locale : en_US

    Resend password reset code template

    • Folder name: resendpasswordreset
    • Resource name: en_us
    • Body = ["Your One-Time Password is : {{confirmation-code}}"] 
    • display : resendPasswordReset 
    • type : resendPasswordReset 
    • locale : en_US
  7. Click Claims > Add > Add Local Claim.
  8. Add the Preferred Channel Claim as a local claim: http://wso2.org/claims/identity/preferredChannel.

    Note

    The claim URI is case sensitive. 

    Note: If the above claim is not configured, errors will occur.

...