--- title: Configure user self-service description: The following table summarizes the high-level tasks required to configure the user self-service features: component: pingam version: 8.1 page_id: pingam:user-self-service:configuring-uss canonical_url: https://docs.pingidentity.com/pingam/8.1/user-self-service/configuring-uss.html keywords: ["Self-Service", "Registration", "Configuration & Setup"] page_aliases: ["user-self-service-guide:configuring-uss.adoc"] section_ids: create-uss-service: Create a user self-service instance --- # Configure user self-service The following table summarizes the high-level tasks required to configure the user self-service features: | Task | Resources | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Create encryption and signing keys**The user self-service features require a key pair for encryption and a signing secret key. Create one of each for each instance of user self-service you plan to configure. | * [Create self-service key aliases](../security/configuring-keys.html#changing-uss-keys) | | **Configure a user self-service instance**Each realm requires its own instance. | - [Create a user self-service instance](#create-uss-service) | | **Configure user self-service security**Configure at least one security method for each feature:- Configure the email service to send an email to users who are registering, resetting their passwords, or users who have forgotten their username. - Configure knowledge-based questions that users must answer to reset their passwords. - Configure Google reCAPCHA to protect user self-service features from bots. | * [Configure the email service](configuring-email-service.html) * [Configure the Google reCAPTCHA plugin](configuring-recaptcha.html) * [Configure knowledge-based security questions](configuring-kba.html) | | **Configure user self-service features**Configure the features that your environment requires. | - [Configure user registration](configuring-user-self-registration.html) - [Configure forgotten password reset](configuring-forgotten-password.html) - [Configure forgotten username retrieval](configuring-forgotten-username.html) | ## Create a user self-service instance 1. In the AM admin UI, go to Realms > *realm name* > Services and select Add a Service. 2. Select User Self-Service from the list of possible services. 3. Specify the secrets used to sign and encrypt the JWT token AM uses to track end users during user self-service operations. Do one of the following: * Enable the Use Secret Store property and configure the following secret IDs in the secret store: * `am.services.selfservice.token.encryption` * `am.services.selfservice.token.signing` * Populate the values of the Encryption Key Pair Alias and the Signing Secret Key Alias properties. For example, if you're using the demo keys in the default `keystore.jceks` file, set the properties as follows: * Encryption Key Pair Alias to `selfserviceenctest`. * Signing Secret Key Alias to `selfservicesigntest`. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | - By default, the name of the demo keys displays in grey. This doesn't mean the fields are filled in. - The demo key aliases are for test or evaluation purposes. Don't use them in production environments. Read [Create self-service key aliases](../security/configuring-keys.html#changing-uss-keys) to create new key aliases. | 4. Enable each of the user self-service features you require. 5. Select Create. 6. On the User Self-Service page, configure each feature as described in the sections that follow.