salden Absent Member.

SSPR User Account Activation

We implemented SSPR after having a homegrown system for password resets. It has been working well so far, but I was asked to make a change to allow users who have already logged into LDAP (AD in our case) to be able to use the user account activation setup. The issue I have with this is that I think anyone can just continuously reactivate their account instead of going the proper way to reset their password.

Question here is, how does everyone else handle people who have already logged into LDAP but have never logged into SSPR?

My suggestion was that we force the users to call our helpdesk and we give them a temp password, or I do an LDAP query to allow for one grace login so they can log in to the environment and change their password.

Thoughts/Ideas?
lah
New Member.

Re: SSPR User Account Activation

Hi. We use PWM here - the OpenSource version.

What we do is: we have a few extra LDAP attributes. One specifically controls that: pwmWaitingForActivation - BOOLEAN. For every new user, or the ones you want, you set the attribute to true. You then 'filter' the option so only people who have that can use the Activation process. Besides that, when a user does any other stuff in SSPR (profile update, password change, OTP set) you set that attr to false.
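The one-time activation gate described in the reply above, as an added sketch that is not part of the original posts and is not PWM or SSPR code. Only the attribute name `pwmWaitingForActivation` comes from the thread; the `uid` naming attribute, the function names, the sample directory, and the choice to clear the flag when activation itself completes are assumptions.

```python
# Added illustration; the directory is a constructed in-memory dict, not a real LDAP server.
FLAG = "pwmWaitingForActivation"  # attribute name from the reply above

# Constructed sample entries (LDAP booleans are the strings TRUE / FALSE).
DIRECTORY = {
    "newhire": {"uid": "newhire", FLAG: "TRUE"},
    "veteran": {"uid": "veteran", FLAG: "FALSE"},
    "legacy": {"uid": "legacy"},  # attribute never set: not eligible
}
AUDIT = []  # (username, action) pairs, so flag changes can be traced


def escape_filter_value(value: str) -> str:
    """Escape user input for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def activation_filter(username: str) -> str:
    """Filter that matches the user only while the activation flag is TRUE."""
    return "(&(uid=%s)(%s=TRUE))" % (escape_filter_value(username), FLAG)


def can_activate(username: str) -> bool:
    """Same condition as activation_filter, evaluated on the sample directory."""
    entry = DIRECTORY.get(username)
    return entry is not None and entry.get(FLAG) == "TRUE"


def record_sspr_action(username: str, action: str) -> None:
    """Any SSPR action (profile update, password change, OTP set) clears the flag."""
    DIRECTORY[username][FLAG] = "FALSE"
    AUDIT.append((username, action))


def activate(username: str) -> bool:
    """Run activation once; a second attempt fails because the flag is now FALSE."""
    if not can_activate(username):
        return False
    # Assumption: completing activation counts as an SSPR action and clears the flag.
    record_sspr_action(username, "activation")
    return True


if __name__ == "__main__":
    print(activation_filter("newhire"))
    print(activate("newhire"), activate("newhire"))  # first succeeds, repeat is refused
```

Users whose flag is FALSE or missing fall through to the normal reset path, which addresses the repeated-reactivation concern in the question.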