Secure Password Reset (PWReset) with need of two factors

Manfred Lang

Nov 24, 2025, 1:37:58 PM
to RCDevs Security
Hello,

I would like to set up the "Secure Password Reset" (PWReset) application with need of two-factor authentication to reset the static LDAP password. The user should, for example, enter a TOTP token and a one-time code received via email or SMS to reset the static LDAP password.

Is this possible, and if so, how? Thank you for your suggestions.

Sincerely, Manfred

Yoann Traut (RCDevs)

Nov 25, 2025, 4:04:31 AM
to RCDevs Security

Hello Manfred,

This scenario is not supported.

Available options with password-reset access are:

  • Username + Password + OTP (OTP via SMS, email, token, push, etc.) or FIDO/Passkeys

  • Username + OTP or FIDO/Passkeys

  • Username + PIN + OTP or FIDO/Passkeys

  • Access to the portal via a one-time link issued from the WebADM Admin portal, Helpdesk portal, or API
    (Portal access is locked by default and the link can be sent by email, SMS, or both.)

  • Access to the portal unlocked on demand by a WebADM admin, Helpdesk admin, or API
    (Portal access is locked by default and must be explicitly unlocked per user.)

  • Access through a client certificate

  • Access through a Kerberos ticket replacing the username/password combination. If OTP or FIDO is required, the user will be prompted accordingly.

Regards

Manfred Lang

Nov 25, 2025, 9:28:10 AM
to RCDevs Security

Hello Traut,

thank you for your help again. Too bad, then please consider it as a feature request. After entering with the token, an e-mail or SMS OTP code should be generated to verify the user twice. That is what, for example, Microsoft or Google do to reset the static password.

In the meantime, we have opted for the link + token method for PWReset App:



Best regards, Manfred Lang

Yoann Traut (RCDevs)

Nov 26, 2025, 3:09:20 PM
to RCDevs Security

I will check with the development team regarding feasibility.

If it can be implemented, it will require a few weeks.
I will update you once I have their feedback.

Regards
