This documentation is for WSO2 Identity Server 5.3.0. View documentation for the latest release.
Page Comparison - Creating Users Using the Ask Password Option (v.85 vs v.86) - Identity Server 5.3.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Add the configuration given below to the <IS_HOME>/repository/conf/identity/identity.xml file under <Server> element to set the redirection URL valid time period in minutes
    The redirection link that is provided to the user to set the password is invalid after the time specified here has elapsed. 

    Code Block
    <Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
    ...
       <AskPassword>
          <ExpiryTime>1440</ExpiryTime>
       </AskPassword>
    ...
    </Server>
    Panel
    borderColorBlack
    bgColorWhite
    borderWidth1

    You can also configure the expiry time through the Management Console.

    Expand
    titleClick to see how to configure this through the management console
    1. Start the Identity Server and login to the Management Console.

    2. Click Resident under Identity Providers on the Main tab and expand the Account Management Policies tab. 

    3. Expand the User Onboarding tab and configure the Ask password code expiry time field. Click Update to save changes. 

  2. Optionally, if you are adding users via the management console, the EnableAskPasswordAdminUI property value needs to be added to the <IS_HOME>/repository/conf/identity/ identity.xml file.

    Code Block
    <EnableAskPasswordAdminUI>true</EnableAskPasswordAdminUI>
  3. Configure the email settings in the <IS_HOME>/repository/conf/output-event-adapters.xml file. 

    mail.smtp.fromProvide the email address of the SMTP account.
    Example: abcd@gmail.com
    mail.smtp.userProvide the username of the SMTP account.
    Example: abcd
    mail.smtp.passwordProvide the password of the SMTP account.
    Code Block
    languagexml
    <adapterConfig type="email">
        <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
            based authentication rather username/password authentication -->
        <property key="mail.smtp.from">{EMAIL_ID}</property>
        <property key="mail.smtp.user">{USERNAME}</property>
        <property key="mail.smtp.password">{PASSWORD}</property>
        <property key="mail.smtp.host">smtp.gmail.com</property>
        <property key="mail.smtp.port">587</property>
        <property key="mail.smtp.starttls.enable">true</property>
        <property key="mail.smtp.auth">true</property>
        <!-- Thread Pool Related Properties -->
        <property key="minThread">8</property>
        <property key="maxThread">100</property>
        <property key="keepAliveTimeInMillis">20000</property>
        <property key="jobQueueSize">10000</property>
    </adapterConfig>
    Note

    If you are using a Google mail account, note that Google has restricted third-party apps and less secure apps from sending emails by default. Therefore, you need to configure your account to disable this restriction, as WSO2 IS acts as a third-party application when sending emails to confirm user registrations or notification for password reset WSO2 IS.

    Expand
    titleClick here for more information.

    Follow the steps given below to enable your Google mail account to provide access to third-party applications.

    1. Navigate to https://myaccount.google.com/security.
    2. Click Signing in to Google on the left menu and make sure that the 2-step Verification is disabled or off.
    3. Click Connected apps and sites on the left menu and enable Allow less secure apps.
    Tip

    Tip: The email template used to send this email notification is the AskPassword template.

    You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.

  4. Start the Identity Server and log in to the Management Console.

  5. In the Main tab, click, under Identity Providers, click Resident and expand the Account Management Policies tab. 
  6. Expand the User Onboarding tab and select Enable User Email Verification. Click Update to save changes. 

    Info

    The EmailVerification property can be enabled for each tenant at tenant creation by adding the following configuration to the <IS_HOME>/repository/conf/identity/identity.xml file as seen below. Please note this should be added before the first start up. If you added this later, you need to manually enable the email verification in the resident IDP configurations of the already created tenants and the super tenant.

    Code Block
    languagexml
    <EmailVerification>
            <Enable>true</Enable>
            <LockOnCreation>true</LockOnCreation>
            <Notification>
                <InternallyManage>true</InternallyManage>
            </Notification>
        </EmailVerification>

...