Hi,
I had 3 instances of SSPR 4.4 Appliances fronted with a load-balancer. SSPR is configured using eDir 9.1 with about 200K user by next year. No Challenge-Response enabled, using Email OTP as verification.
Now I would like to use SSPR 4.4 Password Expiration Notification feature, however I have a few questions at hands
(i) Do I enable on all 3 instances, or select one 1 SSPR instance for this ? I kinda have a feeling if enable on all 3, user will receive 3 password expiration emails.
(ii) Does user need to login to SSPR in order to kickstart Password Expiration Notification, or there is background process checking eDirectory Password Expiration Time to send out notification. Note that users may not even access / login to SSPR at all until Reset Password via Email OTP.
(iii) SSPR maybe integrated with Access Manager 4.5 for SSO via OAuth protocol instead of Identity Injection via Access Gateway, and configured as Password Expiration Servlet. I believe such scenario have no impact with SSPR Password Expiration Notification feature.
Any thoughts ?
Regards,
Keng