:: Version 2.6.0 ::

Differences

This shows you the differences between two versions of the page.

2_6_0:admin:forgot_password [2019/01/09 16:40] (current)
Line 1: Line 1:
 +====== I forgot my password ======
 +
 +iTop provides a mean for the end-users to regain access to iTop... without bothering an administrator.
 +
 +<​note>​
 +Prior to iTop 2.0.2, this feature was not available. As the feature is enabled by default, upgrading to 2.0.2 will make it be available unless you disable it
 +</​note>​
 +
 +===== Workflow =====
 +A new link, at the bottom of the login form, allows the end-user to regain access to iTop.
 +
 + ​{{:​2_6_0:​admin:​forgot_password_1.png|Login page}}
 +
 +
 +The end-user gives his/her login identifier.
 +
 + ​{{:​2_6_0:​admin:​forgot_password_2.png|Reset Password}}
 +
 +
 +iTop searches for the corresponding account, and sends an email.
 +
 + ​{{:​2_6_0:​admin:​forgot_password_3.png}}
 +
 +The user gets the email
 +
 + ​{{:​2_6_0:​admin:​forgot_password_4.png}}
 +
 +The user clicks on the given link, and get a form to change the password (the old password is -for sure!- not requested, as opposed to the standard form to change a password).
 +
 + ​{{:​2_6_0:​admin:​forgot_password_5.png}}
 +
 + ​{{:​2_6_0:​admin:​forgot_password_6.png}}
 +
 +===== Security concerns =====
 +The link given to the user is a single usage link.
 +
 + ​{{:​2_6_0:​admin:​forgot_password_single_usage.png}}
 +
 +
 +If the user attempts several times to reset his password, then only the latest link will be valid.
 +
 +<note important>​The email address must correspond to the login. That is the key point.</​note>​
 +
 +===== Configuration =====
 +As the features relies on sending emails, you must first ensure that iTop has the capability to send emails. To check if it currently working, use the page ''/​setup/​email.test.php''​. To configure emailing, see [[2_6_0:​admin:​notifications#​email_configuration|Email configuration]]. Please note that such emails are sent synchronously even if the emails are configured to be sent asynchronously.
 +
 +Moreover, the feature relies on the accounting data:
 +  * The user must be of type iTop user (it will not work for LDAP users)
 +  * A contact must be associated to the user
 +  * The contact must have a valid email configured
 +
 +If none of your users will benefit from the feature, then you can disable it by setting the ''​forgot_password''​ parameter to false in the iTop configuration file. In such a case, the hyperlink will disappear from the login page.
 +
 +===== Errors =====
 +
 +There are a few conditions to be met unless the feature is not available for a given user. Here is a screen shot of a failed attempt:
 +
 + ​{{:​2_6_0:​admin:​forgot_password_nocontact.png}}
  
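Review bot: The Security concerns section says the link is "a single usage link" and that "only the latest link will be valid", but it does not say how long an unused link stays valid. Add a sentence stating the link lifetime (or that there is none), since an administrator needs that to judge the exposure of a reset email left sitting in a mailbox. In Errors, "There are a few conditions to be met unless the feature is not available for a given user" reads inverted; "otherwise the feature is not available" would match the three conditions listed under Configuration. The Errors section could also state whether the failure message differs between an unknown login and an account without a contact, which the single screenshot does not show.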
2_6_0/admin/forgot_password.txt · Last modified: 2019/01/09 16:40 (external edit)
