PingFederate offers self-service user name recovery for users to recover their account in the event of forgotten user name via email.
When enabled, a user who forgot their user name can recover it by providing an email address. If PingFederate can locate the user record using such email address, PingFederate sends to the user at the provided address an email message containing the recovered user name. If the email ownership verification status is stored as part of the user record in the directory server, it is also possible to restrict the delivery of user name recovery email messages to users who have proven ownership of their email addresses.
This optional capability is integrated into the HTML Form Adapter and the LDAP
Username Password Credential Validator (PCV). PingFederate supports PingDirectory,
Microsoft Active Directory, Oracle Unified Directory, and Oracle Directory Server
out-of-the-box. Custom PCV implementations may also be developed to offer the same
capability for users stored in non-LDAP data sources. For more information, refer to the
RecoverableUsername
interface in Javadoc.
The Javadoc for PingFederate is located in the <pf_install>/pingfederate/sdk/doc directory.
You have now successfully created a new instance or modified an existing instance of the HTML Form Adapter with the self-service user name recovery capability.
When a user signs on through this adapter instance, the user has the option to recover the user name using the Trouble Signing On link, as illustrated in this screen capture.
Additionally, you can also provide your users the per-adapter Account Recovery endpoint (/ext/pwdreset/Identify), which allows them to recover their user name through this HTML Form Adapter instance without submitting SSO requests.