Version: On prem: 15.0.3

Password reset

Enable authenticated password reset

info

These instructions apply only to the Omada Identity Cloud solution. For on-prem instructions, refer to the section below.

Follow these steps to enable the password reset process:

  1. Go to Setup > Master Data > All systems and choose Active Directory.

  2. In the Provisioning folder, open the General Settings.

  3. Select the Enable password reset checkbox.

  4. Enable the OPS password reset client by activating the master setting PWROPSCLIENT.

note

If the self-service Change password process is in scope, the active user's password must be validated:

  • For customers using AzureAD, this can be enabled by the master setting PWRAZUREADCLIENT. If set, the customer setting PWRAZURESYSTEMID must be configured with the SYSTEMID of the Microsoft Entra ID containing the active users (which is typically synchronized with Active Directory).

  • Likewise for validation of LDAP-enabled user repositories, use the master setting PWRLDAPCLIENT and the customer setting PWRLDAPSYSTEMID.

You can disable the validation of the active user's password with the customer setting PWREnforcePWValidation. This is not recommended, because it may leave the Change password process vulnerable if a workstation is left unlocked.

Enable authenticated password reset on-prem

Follow these steps to enable the password reset process:

  1. Go to Setup > Master Data > All systems and choose Active Directory.

  2. In the Provisioning folder, open the General Settings.

  3. Select the Enable password reset checkbox.

  4. At the bottom of the Provisioning folder, click Commit settings.

  5. Run the following query on the Enterprise Server database. Replace <enter AD system id> with the identity storage system you have chosen.

In the following example, we have used AD System ID:

-- Customer setting: system ID of the AD system used for password reset.
-- An existing PWRADSYSTEMID row is left unchanged.
IF NOT EXISTS (SELECT * FROM [dbo].[tblCustomerSetting] WHERE [key] = 'PWRADSYSTEMID')
BEGIN
    INSERT INTO [dbo].[tblCustomerSetting]([Key],[Name],[Description],[ValueStr],[Type],[Category],[IsPublic])
    VALUES ('PWRADSYSTEMID','Password AD Client SystemID','','<enter AD system id>',0,'Password Reset',0)
END

-- Master setting: enable the password reset AD client (insert it, or switch it on if it exists).
IF NOT EXISTS (SELECT * FROM [dbo].[tblMasterSetting] WHERE [key] = 'PWRADCLIENT')
BEGIN
    INSERT INTO [dbo].[tblMasterSetting]([Key],[Name],[Description],[ValueBool],[Type])
    VALUES ('PWRADCLIENT','Password reset AD client','Enable the password reset AD client',1,0)
END
ELSE
BEGIN
    UPDATE [dbo].[tblMasterSetting] SET [ValueBool] = 1 WHERE [key] = 'PWRADCLIENT'
END

-- Master setting: execute password reset actions via the Omada Provisioning Service.
IF NOT EXISTS (SELECT * FROM [dbo].[tblMasterSetting] WHERE [key] = 'PWROPSCLIENT')
BEGIN
    INSERT INTO [dbo].[tblMasterSetting]([Key],[Name],[Description],[ValueBool],[Type])
    VALUES ('PWROPSCLIENT','Password reset via Provisioning Service','Execute password reset actions via the Omada Provisioning Service',1,0)
END
ELSE
BEGIN
    UPDATE [dbo].[tblMasterSetting] SET [ValueBool] = 1 WHERE [key] = 'PWROPSCLIENT'
END
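
The script above does not overwrite an existing PWRADSYSTEMID row, so a stale value or an unreplaced `<enter AD system id>` placeholder survives a re-run. The following read-only check is an added example, not part of the Omada documentation; it assumes the table and column names used in the script above and that ValueStr is a character column.

```sql
-- Added verification example (not Omada's own code). Read-only.
-- Reports one row per setting the on-prem script is expected to have written.
SELECT
    e.[Source],
    e.[Key],
    CASE
        -- Master settings: the row must exist and ValueBool must be 1.
        WHEN e.[Source] = 'master' AND m.[Key] IS NULL  THEN 'MISSING'
        WHEN e.[Source] = 'master' AND m.[ValueBool] = 1 THEN 'OK (enabled)'
        WHEN e.[Source] = 'master'                       THEN 'DISABLED'
        -- Customer setting: the row must exist and hold a real system ID.
        WHEN c.[Key] IS NULL                             THEN 'MISSING'
        WHEN c.[ValueStr] IS NULL
          OR LTRIM(RTRIM(c.[ValueStr])) = ''             THEN 'EMPTY'
        WHEN c.[ValueStr] LIKE '<%>'                     THEN 'PLACEHOLDER NOT REPLACED'
        ELSE 'OK (' + c.[ValueStr] + ')'
    END AS [Status]
FROM (VALUES
        ('master',   'PWRADCLIENT'),
        ('master',   'PWROPSCLIENT'),
        ('customer', 'PWRADSYSTEMID')
     ) AS e([Source], [Key])
LEFT JOIN [dbo].[tblMasterSetting]   AS m
       ON e.[Source] = 'master'   AND m.[Key] = e.[Key]
LEFT JOIN [dbo].[tblCustomerSetting] AS c
       ON e.[Source] = 'customer' AND c.[Key] = e.[Key];
```

Any status other than OK means the password reset clients are not fully configured; compare the reported PWRADSYSTEMID value against the system ID of the Active Directory system chosen in step 1.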