PingFederate provides various self-service applications for end users to manage their accounts. These optional capabilities lower the costs of identity management by freeing administrators from round-the-clock service requests to change passwords, reset passwords, unlock accounts, and recover usernames. Designed for ease of deployment, these capabilities are integrated into the HTML Form Adapter. Administrators can easily enable some or all capabilities with a few configuration changes on a per-adapter basis. Like other user-facing windows, you can customize and localize the user-facing templates to provide the desired user experience.

PingFederate also allows users to unlock their accounts without submitting a ticket to the IT department. When enabled with SSPR, if an account is locked, a user can initiate an account unlock request at the Sign On window or the per-adapter Password Reset endpoint. Through the HTML Form Adapter, PingFederate prompts the user to prove ownership of the account using the password reset flow.

When users succeed in proving account ownership, they are allowed to retain their current passwords or to reset their passwords as needed. Furthermore, self-service account unlock is only compatible with PingDirectory and Microsoft Active Directory. If the underlying datastore is connected to Oracle Unified Directory or Oracle Directory Server, users can only unlock their account by changing their current password through the password reset flow.

Tip:

Similarly, when configuring customer identity and access management use cases, administrators can enable end users to manage their local accounts, connect or disconnect one or more social connections, and change or set the password for their local accounts. For more information, see Customer IAM configuration and Enabling profile management.