Considerations

Note: If you are running Delegated Admin 3.5 or earlier, upgrade it to the latest version to use PingDirectory 8.0 or later. For information about the compatibility between Delegated Admin and PingDirectory Server versions, see the Compatibility matrix.

Perform the following steps to enable the Initiate Password Reset menu option on user entries. This feature is enabled for new installs via the delegated-admin.dsconfig script run on install.

  1. Run the following command to enable the plugin needed for triggering Initiate Password Reset:
    dsconfig set-plugin-prop \
--plugin-name "Modifiable Password Policy State Plugin" \
--set enabled:true --set "base-dn:${searchbasedn}" \
--set "filter:(|(objectClass=person)(objectClass=ds-cfg-user))"
  2. Run the following command to add a DA attribute to the users rest type for ds-pwp-modifiable-state-json: 
    dsconfig create-delegated-admin-attribute \
--type-name users  \
--attribute-type ds-pwp-modifiable-state-json  \
--set "display-name:Modifiable Password Policy State"  \
--set display-order-index:9999

To use the functionality where a help desk agent can trigger a password reset for a user, the Modifiable Password Policy State Plugin must be enabled on the Directory Server that serves as a resource backend.

Note:

When you install Delegated Admin 4.6, this plugin is enabled. If you are upgrading from a previous version of Delegated Admin, you must manually enable the plugin and add the ds-pwp-modifiable-state-json attribute as a Delegated Admin attribute.