Configure user self-service
You can configure the user self-service features to use email address verification, which sends an email containing a link for user self-registration and forgotten password reset via AM’s email service. You can also send the forgotten username to the user by email if configured.
To configure user self-registration and password recovery in the ForgeRock Identity Platform, see the ForgeRock Identity Platform self-service documentation.
The following table summarizes the high-level tasks required to configure the user self-service features:
Task | Resources |
---|---|
Create encryption and signing keys. The user self-service features require a key pair for encryption and a signing secret key. Create one of each for each instance of user self-service you plan to configure. | |
Configure a user self-service instance. Each realm requires its own instance. | |
Configure user self-service security. Configure at least one security method for each feature: | |
Configure user self-service features. Configure the features that your environment requires. | You can also delegate user self-registration to IDM. |
Create a user self-service instance
- In the AM admin UI, go to Realms > Realm Name > Services and select Add a Service.
- Select User Self-Service from the list of possible services.
- Populate the values of the Encryption Key Pair Alias and the Signing Secret Key Alias properties with the names of the key pair aliases in your JCEKS keystore.
  Note that the demo key names are displayed in gray; this does not mean the fields are filled in.
  For example, if you are using the demo keys in the default `keystore.jceks` file, set the properties as follows:
  - Encryption Key Pair Alias to `selfserviceenctest`.
  - Signing Secret Key Alias to `selfservicesigntest`.

  The demo key aliases are for test or evaluation purposes. Do not use them in production environments. To create new key aliases, see Create self-service key aliases.
- Enable the user self-service features.
- Select Create.
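
The following pre-deployment check is an added example, not part of the AM documentation. It reads `keytool -list` output and verifies that the aliases chosen for a self-service instance exist, that the encryption alias is a key pair (`PrivateKeyEntry`) and the signing alias is a secret key (`SecretKeyEntry`), and that neither is one of the demo aliases named above. The function names, the `prod*` aliases and the sample listing are assumptions constructed for illustration, and the entry-line layout assumes keytool's English-locale output.

```shell
#!/bin/sh
# Added example (not from the AM documentation): audit the aliases chosen for
# a User Self-Service instance against `keytool -list` output.

# Demo aliases named on this page; they must not be used in production.
DEMO_ALIASES="selfserviceenctest selfservicesigntest"

# check_selfservice_aliases ENC_ALIAS SIGN_ALIAS   (hypothetical helper)
# Reads a keytool listing on stdin, prints one finding per line and
# returns 0 when there are no findings, 1 otherwise.
check_selfservice_aliases() {
    awk -v enc="$1" -v sign="$2" -v demo="$DEMO_ALIASES" '
        function check(role, a, want) {
            if (a in isdemo) { print role ": demo alias " a " in use"; bad = 1 }
            if (!(a in seen)) {
                print role ": alias " a " not in keystore"; bad = 1
            } else if (seen[a] != want) {
                print role ": " a " is " seen[a] ", expected " want; bad = 1
            }
        }
        BEGIN { bad = 0; n = split(demo, d, " "); for (i = 1; i <= n; i++) isdemo[d[i]] = 1 }
        # Entry lines look like: alias, Mon D, YYYY, EntryType,
        /, (PrivateKeyEntry|SecretKeyEntry|trustedCertEntry),/ {
            alias = $0; sub(/,.*/, "", alias)
            type = $0; sub(/,[ \t]*$/, "", type); sub(/.*, /, "", type)
            seen[alias] = type
        }
        END {
            check("encryption", enc, "PrivateKeyEntry")  # key pair
            check("signing", sign, "SecretKeyEntry")     # secret key
            exit bad
        }'
}

# Constructed sample listing; the prod* aliases are hypothetical.
sample_listing() {
    cat <<'EOF'
Keystore type: JCEKS
Your keystore contains 4 entries

selfserviceenctest, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (elided)
selfservicesigntest, Jan 1, 2024, SecretKeyEntry,
prodselfserviceenc, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (elided)
prodselfservicesign, Jan 1, 2024, SecretKeyEntry,
EOF
}
```

Against a real keystore, pipe `keytool -list -storetype JCEKS -keystore keystore.jceks` into `check_selfservice_aliases` with the two alias names entered in the service configuration.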