
Custom workflow - email user random generated password

Hello guys,

I have just recently installed One Identity Password Manager version 5.7.0.1525 in our test environment. We see that the existing workflows cannot apply to our situation, and we need to create a new simple custom workflow. We are looking for a self-service portal for our users where they can simply reset their password.

The workflow should consist of a user searching for his AD user and then choosing the custom workflow "Password email reset"; a randomly generated password is set on the user account in AD (in addition, "user must change password at next logon" is checked), and an email is sent to the user with the password.

The best would be to email the user a link which he then accesses to set a new password, the way Facebook, Gmail, etc. do it. Is this possible? :)

Best regards

Bilal

  • I agree, it is an interesting 2FA scenario: when two independent credentials and mail systems are used to 2FA each other (AD01\EX01 - AD02\EX02).
    - AD01\jsmith resets password via http://AD01/PMUser on AD01\jsmith - email sent to jsmith@ad02.com with AD01\jsmith new password (clear text)
    Assumption: AD01 and AD02 must be in sync. The AD01\jsmith AD account must be resolved/mapped programmatically to the AD02\jsmith email address (example: (a) AD01\jsmith.CA10 = jsmith@ad02.com, (b) PWM Admin Service to make an LDAP query against AD02\DC with AD01\jsmith EmployeeID or sAMAccountName = "jsmith")