The Self-service password reset functionality allows the end users to request a new password if they forget their current password without having to contact the help desk or security administrators. The user can go to a link (either published directly on the PeopleSoft login page or as a separate link provided to the users), enter their user id and answer a set of secret questions that they had previously set up for their profile. If successfully verified, the system sends an email with a random new password for the user.
Below are the steps for setting up the self-service password reset utility:
- Setup secret questions.
- Register users for self-service password reset.
- Configure an email password template.
- Set up a separate open website for password reset.
- Test password reset link.
Navigation: PeopleTools >> Security >> Password Configuration >> Forgotten Password Hint
Forgotten password hints are the secret questions that the users can select when registering for the self-service password reset functionality.
Enter the appropriate question/hint sentence in the “Question” field. Only the questions/hints marked as ‘Active’ are available for users to select during the registration process.
Figure V‑11 System Security – SS Password Reset – Secret Questions
To be performed by all end users
Navigation: Main Menu >> My System Profile >> Change or Setup Forgotten password help
Before the users can use the Self-service password reset utility, they have to set up the secret question and answer that the system will use to confirm their identity when requesting a new password. To do this, the user can go their System Profile (available as a direct link under main menu) and click on the ‘Change or Setup forgotten password help’ link.
Users can select one of the available questions from the drop down and enter a response that only they can provide. For improving the security of the system, the users should be encouraged to use responses that are not direct responses to the question but something they can easily recall.
** In the “My System Profile”, users should also verify or update their email address. This is the email address that the new password will be sent to.
** Users access should have the “Allow Password to be Emailed” enabled. It is recommended that this be enabled in the common permission list granted to all users.
Navigation: PeopleTools >> Security >> Password Configuration >> Forgotten Password Email Text
Configure the template text for the email that will be sent to the user upon successful identity validation. The system uses this template to compose the email to be sent to the user with his/her new password. The exact string <<%PASSWORD>> should be used in the text of the email which the system will automatically replace with the new randomly generated password.
To be performed by the System Administrator.
The system administrator responsible for maintaining the PeopleSoft web server should create a new PIA website using a new web profile with public access. Configuring the web profile and PIA website is outside the scope of this book. However, there are some key aspects that should be configured for this web profile.
- Select the ‘Allow Public Access’ in the Security tab for the Web Profile configuration.
- Enter a valid User ID and password that will be used to automatically login into PeopleSoft to invoke the password reset functionality. This user id should have minimum access and should be restricted to EMAIL_PSWD component and USERMAINT_SELF component interfaces.
- The link to the new PIA website should be in the following format to allow the users to directly access the “Forgot password” page.
- All other security aspects for the web profile should match or be tighter than the regular PIA website for regular PeopleSoft access. This ensures that the new website for password reset does not add any additional security risk to the overall PeopleSoft system.
Figure V‑14 System Security – SS Password Reset – Web Profile Setup