Changes between Version 8 and Version 9 of guiiam2018

Timestamp:

Sep 19, 2018, 5:36:28 AM (6 years ago)

Author:

admin

Comment:

--

guiiam2018

@@ -183 +183 @@
    You have to map user attributes that are essential in password resetting. When a user clicks forgot password link it will send a reset link to a working email. Keep in mind that the attribute `mail` should be the key attribute for mapping the ldap user for various outside services. Therefore it should be something in the format `user@instXY.ac.lk` and it should not be allowed to be changed by the users. Because of this, we will use ldap attribute `email` to fill in the alternate email of the user which is used to send the reset requests. 
 
-* Map Group Attributes
-
-
-
-
-Ask Users to login to https://idp.instXY.ac.lk:8443/auth/realms/instXY/account change there user profile and details
-
+   To do this you need to edit the ldap email mapper from the settings.
+   
+   Go to `User Federation --> ldap --> Mappers` and select email
+
+   Change the value of '''LDAP Attribute''' to '''email''' and Save.
+
+   On your production servers you need to configure your email server settings on `Realm Settings --> Email`
+
+Ask Users to login to https://idp.instXY.ac.lk:8443/auth/realms/instXY/account change there user profile and details (Change instXY in the url as per your realm name)
+
+* Usage of OTP.
+
+   Users can utilize the function OTP from their profile page. They may use any OTP software such as Google Authenticator, Authy, etc. This will add additional security to the password reset process.
+   
 
 > For further customization you may consult keycloak official guides from https://www.keycloak.org/documentation.html