Configuring self-service user name recovery
Use PingFederate’s self-service user name recovery feature to enable users to recover their lost user names through their email addresses.
About this task
PingFederate offers self-service user name recovery for users to recover their accounts through email if they forget their user names.
This optional capability is integrated into the HTML Form Adapter and the LDAP Username Password Credential Validator (PCV). PingFederate supports PingDirectory, Microsoft Active Directory, Oracle Unified Directory, and Oracle Directory Server out-of-the-box. Custom PCV implementations can also be developed to offer the same capability for users stored in non-LDAP data sources. For more information,see the RecoverableUsername
interface in Javadoc.
The Javadoc for PingFederate is located in the |
Steps
-
Go to Authentication → Integration.On the IdP Adapters window, create a new HTML Form Adapter instance.
You can also reuse an existing HTML Form Adapter instance. If you do, skip to [pf_substep_enableUsernameRecovery] to configure your adapter instance to enable the self-service user name recovery capability.
-
Select the HTML Form Adapter instance as the credential validator.
-
Optional: Update any default values or options.
-
Select the Enable Username Recovery check box.
-
Select a notification publisher instance from the list.
If you have not yet configured the desired notification publisher instance, click Manage Notification Publishers.
-
Click Show Advanced Fields to review or modify default values related to self-service user name recovery.
Example:
Select the Require Verified Email check box if you want PingFederate to only send user name recovery email messages to users who have proven ownership of their email addresses.
-
-
Optional: Customize and localize the on-window messages and notification messages.
Result
You successfully created a new instance or modified an existing instance of the HTML Form Adapter with the self-service user name recovery capability.
When a user signs on through this adapter instance, the user has the option to recover the user name using the Trouble Signing On link.
You can also provide your users the per-adapter username recovery endpoint /ext/idrecovery/Recover
, which allows them to recover their user name through this HTML Form Adapter instance without submitting single sign-on (SSO) requests.