This documentation is for WSO2 Identity Server 5.7.0 . View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Open the output-event-adapters.xml file found in the <IS_HOME>/repository/conf directory. 
  2. Configure the relevant property values for the email server that you need to configure for this service under the <adapterConfig type="email"> tag.

    Code Block
    <adapterConfig type="email">
        <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
        based authentication rather username/password authentication -->
       	<property key="mail.smtp.from">[email protected]</property>
       	<property key="mail.smtp.user">abcd</property>
       	<property key="mail.smtp.password">xxxx</property>
       	<property key=""></property>
       	<property key="mail.smtp.port">587</property>
       	<property key="mail.smtp.starttls.enable">true</property>
       	<property key="mail.smtp.auth">true</property>
       	<!-- Thread Pool Related Properties -->
       	<property key="minThread">8</property>
       	<property key="maxThread">100</property>
       	<property key="keepAliveTimeInMillis">20000</property>
       	<property key="jobQueueSize">10000</property>

    Tip: The email template used to send this email notification is the AdminForcedPasswordReset template for password recovery via recovery email, and the AdminForcedPasswordResetWithOTP template for password recovery via OTP (one-time password).

    You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.

  3. Start the Identity Server and log in to the management console with admin credentials. 
  4. Create a new user with the username "tom" and update his the user profile with a valid email address and other information. 
  5. Create a new role called "test role" with login permissions and assign it to the new user, "tom". 


    Tip: You can verify this by logging in to the dashboard as Tom. The log in attempt should be successful. Log out and log back in with admin credentials.

  6. Click on Resident under Identity Providers found in the Main tab.

  7. Expand the Account Management Policies tab. 

  8. Expand the Password Reset tab. You will see the following options for forced password reset: 

    Table of Contents



In order to force a user to change the password after some specific time period, please refer "Configuring Password Policy Authenticator" documentation.

titleRelated Links
  • By default, the claim values of the identity claims used in this feature are stored in the JDBC datasource configured in the identity.xml file. See Configuring Claims for more information on how to store the claim values in the user store.
  • See Event-Based Session Termination for instructions on enabling termination of active sessions once a user's credentials are reset.