How to Configure Forgot Password to Unlock User Accounts

Article ID: 1703
Last updated: 19 Apr, 2018

Account lockouts occur when users attempt to log in to their Windows desktop or a cloud-based service with an incorrect username or password too many times in a given time span. This article describes how to configure an Identity Maestro server so that users can unlock their accounts by resetting their password with Forgot Password.

Two things are required to enable account unlocking through Forgot Password in Identity Maestro:

  • Forgot Password must be configured to allow users to reset their passwords.
  • A configuration key must be added to the settings.config file (this requires administrator access to the installation folder path of the Identity Maestro server).

Modifying Settings.Config

  1. Log into the Windows server hosting Identity Maestro as an administrative user with permissions to the local file system.

  2. Navigate to <Installation Path>\Omni\IdentityMaestro\Web\settings.config

  3. Open the settings.config file with a text editor like Notepad.

  4. Add the following line:
    <add key="SelfService.UnlockActiveDirectoryAccountOnPasswordReset" value="true" />

  5. Save the settings.config file.

  6. Open PowerShell or a CMD prompt as an administrator.

  7. Perform an IISRESET.

  Note: There is no visible confirmation after adding the key to settings.config.
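
Because the product gives no confirmation, the following PowerShell function is one way to check the edit from steps 4 and 5. It is an added example, not code from the vendor or from the original article. It assumes only that settings.config is an XML file; the function name Test-UnlockOnResetKey is hypothetical, and the path in the final comment keeps the article's <Installation Path> placeholder.

```powershell
# Added example (not vendor code): read-only check of the key from step 4.
function Test-UnlockOnResetKey {
    param(
        [Parameter(Mandatory)]
        [string]$ConfigPath   # full path to settings.config
    )

    $keyName = 'SelfService.UnlockActiveDirectoryAccountOnPasswordReset'

    if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
        throw "File not found: $ConfigPath"
    }

    # A malformed edit (unclosed tag, curly quotes pasted from a document) fails here.
    $xml = New-Object System.Xml.XmlDocument
    try {
        $xml.Load((Resolve-Path -LiteralPath $ConfigPath).ProviderPath)
    } catch {
        throw "settings.config is not well-formed XML: $($_.Exception.Message)"
    }

    # Match <add> elements anywhere in the file (no assumption about the parent
    # element); -eq compares the key name case-insensitively.
    $found = @($xml.SelectNodes("//*[local-name()='add']") |
        Where-Object { $_.GetAttribute('key') -eq $keyName })

    $value = if ($found.Count -ge 1) { $found[0].GetAttribute('value') } else { $null }

    [pscustomobject]@{
        Path        = $ConfigPath
        KeyCount    = $found.Count      # expected: exactly 1
        Value       = $value            # expected: true
        LastWritten = (Get-Item -LiteralPath $ConfigPath).LastWriteTime
        Ok          = ($found.Count -eq 1 -and $value -eq 'true')
    }
}

# Replace the placeholder with your actual installation path before running:
# Test-UnlockOnResetKey -ConfigPath '<Installation Path>\Omni\IdentityMaestro\Web\settings.config'
```

The function only reads the file. A KeyCount other than 1, or an Ok value of False, means the edit should be reviewed before running the lockout test.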

Testing Self-Service User Unlock

After adding the key to the settings.config file, administrators need to perform a test to validate that everything has been configured correctly. This can be done by locking a user out and then testing that the user can unlock their account by resetting their password in the Self-Service Module.

  1. Lock out a user based on your domain group policy.

  2. Log into Identity Maestro with a user that can Manage the user and confirm the Account Lockout status.

  3. Find the locked-out user, right-click and select Account Lockout.

  4. Log out of the management account.

  5. Click on Forgot Your Password? on the login page.

  6. Perform an Account Search.

  7. Correctly answer the required number of the Password Recovery System questions that have been set.

  8. Enter a new password for the user account.

  9. Log into Identity Maestro with a user that can Manage the user and confirm the Account Lockout status.

  10. Find the locked-out user, right-click and select Account Lockout.

  11. The Account should now show as unlocked.

Revision: 4