Password Reset

Users can reset their password with an interactive form provided by the ID service. Administrators can also initiate the password reset from management interfaces.


Resetting your password

The Password Reset form is accessible from OIDC sign-in views. The user is offered a link with text similar to “I’ve forgotten my password”, which they can use to open the form.

Sign-in view with a “Password forgotten?” link

Using the Reset Password form

The user is asked for their sign-in name, which may be their username, email address, or phone number, depending on the circumstances. The exact choice depends on which namespaces the user is expected to be in, and how they are configured. For example, when the form is accessed from a sign-in view of an application which accepts users from a single namespace, that namespace’s configuration is used.

Starting the Reset Password process

After the user enters their sign-in name, a message is sent to one of their confirmed email addresses.

The email contains instructions on continuing. It will have a link the user must open.

The link leads to a form where the user will enter their new password. It must meet the password requirements from their namespace and group policies.

After entering the new password, the user is shown a link back to the sign-in view.

Directing users directly to the form

It is recommended that users enter the form through the sign-in view.

However, it is possible to direct the user to the Reset Password form from external sites by constructing a URL with special query parameters and directing the user there.

Example: https://{your-id-server}/resetPassword?

| Query parameter | Value | Purpose |
| --- | --- | --- |
| un | User’s username | Value will be pre-entered to sign-in name field. |
| ns | User’s namespace code | If given, user must be in this namespace. |
| nsids | Comma separated list of namespace codes | If given, user must be in one of given namespaces. |
| lu | Login URL | URL where user is directed after finishing or cancelling the reset password process. The URL must be in the system wide whitelist of accepted Reset Password URLs. |
| locale | Preferred locale, example: en | View will open with this language selected. If not given, browser language detection is used. |
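
The following Python helper is an added example, not code from the ID service or its documentation. It shows how an external site could build such a link with every value percent-encoded and with lu checked against a local copy of the registered return URLs before the link is issued. The host names, the allowlist contents, the function name build_reset_url, and the rule that ns and nsids are not combined are assumptions of the example.

```python
from urllib.parse import urlencode

# Assumption: the integrating site keeps its own copy of the return URLs that
# were registered in the ID service's whitelist. Constructed sample values.
ALLOWED_RETURN_URLS = frozenset({
    "https://app.example.com/login",
    "https://portal.example.com/signin",
})


def build_reset_url(id_server, username=None, namespace=None,
                    namespaces=None, login_url=None, locale=None):
    """Build a Reset Password link from the un, ns, nsids, lu and locale parameters."""
    if namespace and namespaces:
        # Choice made by this example, not a documented rule of the service.
        raise ValueError("pass either ns or nsids, not both")
    params = {}
    if username:
        params["un"] = username
    if namespace:
        params["ns"] = namespace
    if namespaces:
        # nsids is comma separated, so a code containing a comma would be
        # read back as two namespaces.
        if any("," in code or not code for code in namespaces):
            raise ValueError("namespace codes must be non-empty and comma-free")
        params["nsids"] = ",".join(namespaces)
    if login_url is not None:
        # Exact match only: prefix or substring checks would also accept
        # look-alike URLs such as https://app.example.com.example.net/login.
        if login_url not in ALLOWED_RETURN_URLS:
            raise ValueError("lu is not a registered return URL")
        params["lu"] = login_url
    if locale:
        params["locale"] = locale
    # urlencode percent-encodes each value, so characters such as & or # in a
    # username cannot add or cut off query parameters.
    return f"https://{id_server}/resetPassword?{urlencode(params)}"


if __name__ == "__main__":
    print(build_reset_url("id.example.com", username="alice&ns=other",
                          namespaces=["emp", "ext"],
                          login_url="https://app.example.com/login",
                          locale="en"))
```

The server-side whitelist remains the authoritative check; the local check only stops the external site from issuing links the ID service would refuse.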

Configuring the form behaviour

The form’s functions can be adjusted in the System Preferences / Base settings / Password Reset section.

  • You can disable password reset altogether.

  • You can limit which return URI values are allowed.

  • You can set a URL which is shown to the user if they use an invalid password reset link.

  • You can control whether namespace selection is required, and force a namespace if none is selected.

  • You can control whether the user is told when no matching accounts were found.

Translatable texts

| View | Translation code | Text usage |
| --- | --- | --- |
| Invalid reset link clicked | passwordReset.error.continueLinkCaption | When a “Continue” link has been configured, it will have this text. |
|  | passwordReset.error.invalidDataToken.heading | When a reset link is re-clicked after being used or it has expired, this heading is shown. |
|  | passwordReset.error.invalidDataToken | When a reset link is re-clicked after being used or it has expired, this text is shown. |
|  | passwordReset.error.invalidLink.heading | When a reset link with invalid parameters is clicked, this heading is shown. |
|  | passwordReset.error.invalidLink | When a reset link with invalid parameters is clicked, this text is shown. |

Initiating password reset as an administrator

An administrative user can initiate password reset by going to the Accounts view, selecting a user and choosing Actions / Request user to change password.