PingDirectory

Setting up initiate password reset for REST resource types

To initiate a password reset, a given REST resource type must have the ds-pwp-modifiable-state-json delegated admin attribute.

About this task

The ds-pwp-modifiable-state-json delegated admin attribute is not visible on the View/Edit and Reporting pages. It’s for internal use only, similar to the ds-pwp-account-disabled attribute.

To enable initiate password reset functionality for a specified REST resource type:

Steps

  • Run dsconfig with the create-delegated-admin-attribute option.

    Example:

    The following example grants "Tenant Users" the initiate password reset functionality through the ds-pwp-modifiable-state-json delegated admin attribute.

    dsconfig create-delegated-admin-attribute \
        --type-name "Tenant Users"  \
        --attribute-type ds-pwp-modifiable-state-json  \
        --set "display-name:Modifiable Password Policy State"