Make sure you have configured an LDAP datastore connection in PingFederate to connect to your application to enable self-service password reset.

This task covers specific configuration steps. For comprehensive instructions, see Setting up an LDAP connection in PingFederate.

An HTML Form Adapter instance is used to validate a user authentication session with a PCV and an LDAP datastore connection. This authentication mechanism allows you to customize a user's sign-on experience, such as:

  • Enabling self-service password reset
  • Account unlock
  • Notifying users with password expiration information
  • Localizable template files

To create or modify an HTML Form Adapter instance with a password credential validator (PCV) and an LDAP datastore connection for self-service password management:

  1. Go to Identity Provider > IdP Adapters and choose an HTML Form Adapter:
    • In the Instance Name list, reuse an existing HTML Form Adapter.
    • Click Create New Instance to create one.
  2. Go to the IdP Adapter tab:
    1. Click Add New Row to 'Credential Validators' and add the PCV that's linked to your LDAP connection. Click Update.
    2. Select the Allow Password Changes check box.

      You must select the Allow Password Changes check box to enable password reset. If you don't enable this setting, your changes can't be saved.

    3. Optional: To send the user an email when their password is changed, select the Change Password Email Notification check box.
    4. Optional: To alert the user with an approaching password expiry message at sign on, select the Show Password Expiring Warning check box.
    5. In the Password Reset Type row, click the password reset method that you want to use.
      Screen capture of the IdP Adapter tab configuration. There are check boxes for the Change Password Email Notification and Show Password Expiring Warning settings. Only the Show Password Expiring Warning check box is selected. In the Password Reset Type section, the user has the following method options to select for self-service password reset type: Authentication Policy, Email One-Time Link, Email One-Time Password, PingID, Text Message, or None as radio buttons. The PingID reset type is clicked.
    6. To allow a user with a locked account to unlock the account using the password reset function, select the Account Unlock check box.
  3. To edit the templates for the HTML pages for password reset:
    1. Click Show Advanced Fields.
    2. Edit the relevant template fields as needed with the appropriate HTML template.

      If you modify and rename a template, make sure to update the template name of that specific template.

      Screen capture of the IdP Adapter tab configuration. There are settings for the HTML templates that support the password reset function. The user can edit the Password Reset Username Template, Password Reset Code Template, Password Reset Template, Password Reset Error Template, Password Reset Success Template, and Account Unlock Template. The fields have the following entries: Password Reset Username Template has forgot-password.html entered, Password Reset Code Template has forgot-password-resume.html entered, Password Reset Template has forgot-password-change.html, Password Reset Error Template has forgot-password-error.html, Password Reset Success Template has forgot-password-success.html, and Account Unlock Template has account-unlock.html entered.
  4. For the PingID password reset type, in the PingID Properties field, import your PingID properties file from PingOne.

    This is the same file you used to setup your PingID adapter in PingFederate.

  5. Configure the remaining settings as needed. Click Next.

    For more information about the settings, see Configuring an HTML Form Adapter instance and HTML Form Adapter advanced fields.

  6. On the Summary tab, click Save.
You have successfully created an instance of the HTML Form Adapter with the self-service password reset capability. When a user signs on through this adapter instance, the sign-on page displays the Change Password? and Trouble Signing On? options.