

Configuring User Name Recovery¶

WSO2 Identity Server enables recovering user accounts where the user has forgotten the user name. This is done by matching the user claims that are related to user attributes. The user will be prompted to enter values for these user attributes. If the value entered by the user matches with the claims, the corresponding user name will be emailed to the user’s registered email ID.

User Name Recovery

Scenario¶

Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. Alex who is a new recruit at Pickup has forgotten the user name.

Let's learn how Alex can recover the password by providing some profile information!

Set up¶

Follow the steps below to configure WSO2 Identity Server to enable user name recovery.

Open the deployment.toml file in the <IS_HOME>/repository/conf directory.
1. Check whether the following listener configs are in place.
```
[event.default_listener.identity_mgt]
priority= "50"
enable = false
[event.default_listener.governance_identity_mgt]
priority= "95"
enable = true
```
2. To configure the email server to send emails requesting password reset, add the following configurations.
  - from_address: This is the email address from which the confirmation email will be sent.
  - username: This is the user name of the given email address.
  - password: This is the password of the given email address.
  Format
```
[output_adapter.email]
from_address= ""
username= ""
password= ""
hostname= "smtp.gmail.com"
port= 587
enable_start_tls= true
enable_authentication= true
```
  Sample
```
[output_adapter.email]
from_address= "[email protected]"
username= "wso2iamtest"
password= "Wso2@iam70"
hostname= "smtp.gmail.com"
port= 587
enable_start_tls= true
enable_authentication= true
```
  If you are using a Google email account
  
  Google has restricted third-party applications and less secure applications from sending emails by default. As WSO2 Identity Server acts as a third-party application when sending emails for password entry, follow the steps below to enable your Google email account to provide access to third-party applications.
  1. Access https://myaccount.google.com/security.
  2. Under Signing in to Google section, turn off the 2-step Verification option.
Restart WSO2 Identity Server.
On the Main menu of the Management Console, click Identity > Identity Providers > Resident.
Under the Account Management Policies section, click Account Recovery.
Select the following check boxes:
- Enable Username Recovery
- Enable Internal Notification Management
Note

The recommended Recovery callback URL regex to use when testing the product is ^https:\/\/localhost:9443\/.*. However, users should modify it to meet their requirements when they deploy the product.
Click Update.

Try out¶

To create the user account for Alex:
1. On the Main menu of the Management Console, click Identity > Users and Roles > Add.
2. Click Add New User.
3. Enter the required data as follows.
  - Domain: Primary
  - Username: Alex
4. Click Finish.
To assign login permissions to the user:
1. Click the View Roles option of Alex.
2. Click Permissions.
3. Select Login and click Update.
To add Alex's email Id:
1. Click User Profile option of Alex.
2. Enter an email address to which Alex's password recovery emails will be sent.
3. Click Update.
To mimic a forgotten user name:
1. On the Sign In screen of the WSO2 Identity Server Dashboard at https://localhost:9443/dashboard/, click Username.
2. Enter the first name as Alex.
3. Click Submit.
4. An email with the user name is sent to the given email address.

Top