---
title: Password reset
description: IDM supports self-service user password reset. When enabled, users who forget their passwords can log in to the IDM End User UI, and can verify their identities with options such as email validation and security questions.
component: pingidm
version: 7.5
page_id: pingidm:self-service-reference:password-reset
canonical_url: https://docs.pingidentity.com/pingidm/7.5/self-service-reference/password-reset.html
keywords: ["JSON", "Configuration", "Authentication", "Self-Service", "User Self-Service", "Password Reset"]
---

# Password reset

IDM supports self-service user password reset. When enabled, users who forget their passwords can log in to the IDM End User UI, and can verify their identities with options such as email validation and security questions.

You can also generate random passwords when you create users. For more information, refer to [Generate random passwords](../security-guide/passwords.html#random-passwords).

Password reset lets registered users reset their own passwords. The following stages can be included in a password reset process:

* [Captcha stage](stages/stage-captcha.html) (optional)

* [User query stage](stages/stage-user-query.html) (mandatory)

* [Email validation stage](stages/stage-email-validation.html) (optional)

* [KBA security answer verification stage](stages/stage-kba-security-answer-verification.html) (optional)

* [Password reset stage](stages/stage-reset.html) (mandatory)

If all of these stages are configured, the password reset configuration (in `conf/selfservice-profile.json`) looks similar to the following:

> **Example password reset configuration**
>
> ```json
> {
>     "stageConfigs" : [
>         {
>             "name" : "captcha",
>             "recaptchaSiteKey" : "...",
>             "recaptchaSecretKey" : "...",
>             "recaptchaUri" : "https://www.google.com/recaptcha/api/siteverify"
>         },
>         {
>             "name" : "userQuery",
>             "validQueryFields" : [
>                 "userName",
>                 "mail",
>                 "givenName",
>                 "sn"
>             ],
>             "identityIdField" : "_id",
>             "identityEmailField" : "mail",
>             "identityUsernameField" : "userName",
>             "identityServiceUrl" : "managed/user"
>         },
>         {
>             "name" : "emailValidation",
>             "identityEmailField" : "mail",
>             "emailServiceUrl" : "external/email",
>             "emailServiceParameters" : {
>                 "waitForCompletion" : false
>             },
>             "from" : "info@example.com",
>             "subject" : "Reset password email",
>             "mimeType" : "text/html",
>             "subjectTranslations" : {
>                 "en" : "Reset your password",
>                 "fr" : "Réinitialisez votre mot de passe"
>             },
>             "messageTranslations" : {
>                 "en" : "...Click to reset your password...",
>                 "fr" : "...Cliquez pour réinitialiser votre mot de passe..."
>             },
>             "verificationLinkToken" : "%link%",
>             "verificationLink" : "https://localhost:8443/#/passwordreset/"
>         },
>         {
>             "name" : "kbaSecurityAnswerVerificationStage",
>             "kbaPropertyName" : "kbaInfo",
>             "identityServiceUrl" : "managed/user",
>             "kbaConfig" : null
>         },
>         {
>             "name" : "resetStage",
>             "identityServiceUrl" : "managed/user",
>             "identityPasswordField" : "password"
>         }
>     ],
>     "snapshotToken" : {
>         "type" : "jwt",
>         "jweAlgorithm" : "RSAES_PKCS1_V1_5",
>         "encryptionMethod" : "A128CBC_HS256",
>         "jwsAlgorithm" : "HS256",
>         "tokenExpiry" : "300"
>     },
>     "storage" : "stateless"
> }
> ```
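
A review check for a configuration of this shape, as an added example that is not part of the product documentation: it reports missing mandatory stages, a reset that no optional verification stage precedes, a non-HTTPS `verificationLink`, and an overlong `snapshotToken` lifetime. The function name, the rule that a verification stage must precede `resetStage`, the 900 ceiling, and the reading of `tokenExpiry` as seconds are assumptions of this example.

```python
import json

# Stage names come from the example configuration on this page.
MANDATORY = ("userQuery", "resetStage")  # marked mandatory in the stage list
VERIFIERS = ("emailValidation", "kbaSecurityAnswerVerificationStage")  # optional

def lint_reset_config(cfg, max_expiry=900):
    """Return findings for a password reset config (a parsed JSON dict).

    max_expiry is this example's own threshold, with tokenExpiry assumed
    to be in seconds; it is not a product default.
    """
    findings = []
    stages = cfg.get("stageConfigs", [])
    names = [s.get("name") for s in stages]
    for required in MANDATORY:
        if required not in names:
            findings.append(f"missing mandatory stage: {required}")
    # Policy of this example: some proof of identity must run before the reset.
    reset_at = names.index("resetStage") if "resetStage" in names else len(names)
    if not any(n in VERIFIERS for n in names[:reset_at]):
        findings.append("no identity verification stage before resetStage")
    for stage in stages:
        link = stage.get("verificationLink")
        if link is not None and not link.startswith("https://"):
            findings.append(f"{stage.get('name')}: verificationLink is not https")
    try:
        expiry = int(cfg.get("snapshotToken", {}).get("tokenExpiry"))
    except (TypeError, ValueError):
        findings.append("snapshotToken.tokenExpiry missing or not numeric")
    else:
        if not 0 < expiry <= max_expiry:
            findings.append(f"snapshotToken.tokenExpiry out of range: {expiry}")
    return findings

# Constructed sample: both optional verification stages removed, long-lived token.
WEAK = json.loads("""{
  "stageConfigs": [
    {"name": "userQuery", "identityServiceUrl": "managed/user"},
    {"name": "resetStage", "identityPasswordField": "password"}
  ],
  "snapshotToken": {"type": "jwt", "tokenExpiry": "86400"},
  "storage": "stateless"
}""")

if __name__ == "__main__":
    for finding in lint_reset_config(WEAK):
        print("FINDING:", finding)
```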
