
Custom workflow - email user random generated password

Hello guys,

 

I have just recently installed One Identity Password Manager version 5.7.0.1525 in our test environment. We see that the existing workflows cannot apply to our situation, and we need to create a new simple custom workflow. We are looking for a self-service portal for our users where they can simply reset their password.

 

The workflow should consist of a user searching for his AD user and then choosing the custom "Password email reset" workflow; a randomly generated password is set on the user account in AD (in addition: "user must change password at next logon" is checked), and an email is sent to the user with the password.

 

The best would be to email the user a link which he then accesses to set a new password, the way Facebook, Gmail, etc. do it. Is this possible? :)

 

Best regards

Bilal

  • I don't believe that implementation is a useful sample for this design.

    From the readme.txt:

    This sample demonstrates a custom web service that assigns passcodes to users.

    The web service allows interacting with external systems so that they can trigger passcode assignment and know the passcode that was assigned.

    To use this sample:

    1. Create a custom web service with the script provided in the "SetPasscode.txt" file.

    2. Form and open the following URL:
    http://<pmserver>/PMUser/ws/<service_URL>?user=<user_sAMAccountName>&domain=<domain_FQDN>
    Where:
    - pmserver - name of the computer on which the Password Manager Service is installed.
    - service_URL - URL specified when creating the custom web service.
    - user_sAMAccountName - sAMAccountName of a user to whom a passcode is assigned.
    - domain_FQDN - fully qualified domain name of a domain to which the user belongs. Note: a connection to this domain must be configured in Password Manager.

    3. Expected result is an XML document that contains the passcode and passcode creation log.



    You'd want to take snippets from it instead of the entire implementation.

    For example, this is relevant:

    #Obtain user's GUID
    $userId = $user.objectGUID

    #Generate a passcode for a user
    $PASSCODE= $global.GeneratePasscode($PASSCODE_LENGTH)
    $log += "Generated passcode $PASSCODE"

    #Assign passcode to a user
    $global.QAProfileAssignPasscode($connection, $userId, $passcode, $PASSCODE_LIFETIME)
    $log += "Passcode assigned to user $userName"

    if ($EMAIL_SUBJECT -ne "" -and $EMAIL_BODY -ne "")
    {
        #Send e-mail with passcode, if user has an e-mail address
        if ($user.mail -ne "")
        {
            $log += "Sending passcode to $($user.mail)"
            $subject = $ExecutionContext.InvokeCommand.ExpandString($EMAIL_SUBJECT)
            $body = $ExecutionContext.InvokeCommand.ExpandString($EMAIL_BODY)
            $global.EmailUserHtml($mail, $subject, $body)
        }
        else
        {
            $log += "User account has no mail, will not send e-mail with passcode"
        }
    }
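
The e-mailed link asked about in the question can be built on a single-use, expiring token of which the server keeps only a hash, so neither the mailbox nor the token store ever holds a working password. This is an added example, not part of the thread and not One Identity Password Manager code; the function names, the in-memory `$TokenStore`, the `/reset` URL path and the sample account are assumptions.

```powershell
# Added example: single-use, expiring reset token (hypothetical names throughout).
# $TokenStore stands in for a server-side table keyed by the token's SHA-256 hash.
$script:TokenStore = @{}

function Get-TokenHash([string]$Token) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Token)
        return [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    } finally { $sha.Dispose() }
}

function New-ResetToken([string]$SamAccountName, [int]$LifetimeMinutes = 15) {
    # 32 bytes from the OS CSPRNG, encoded URL-safe for use in a link
    $raw = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($raw) } finally { $rng.Dispose() }
    $token = [Convert]::ToBase64String($raw).TrimEnd('=').Replace('+', '-').Replace('/', '_')

    # Keep only the hash: a leaked store does not yield usable links
    $script:TokenStore[(Get-TokenHash $token)] = @{
        User    = $SamAccountName
        Expires = (Get-Date).ToUniversalTime().AddMinutes($LifetimeMinutes)
    }
    return $token
}

function Use-ResetToken([string]$Token) {
    $key = Get-TokenHash $Token
    $entry = $script:TokenStore[$key]
    if ($null -eq $entry) { return $null }          # unknown or already used
    $script:TokenStore.Remove($key)                 # burn on first presentation
    if ((Get-Date).ToUniversalTime() -gt $entry.Expires) { return $null }
    return $entry.User                              # caller may now let this user set a password
}

# Constructed sample run: 'jdoe' is a made-up account, <pmserver> a placeholder host
$token = New-ResetToken -SamAccountName 'jdoe'
$link  = "https://<pmserver>/reset?token=$token"    # this link, not a password, goes in the e-mail
$first  = Use-ResetToken $token                     # redeems the token
$second = Use-ResetToken $token                     # replay of the same link is rejected
"first=$first second=$second"
```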