Previous Topic: Configure Standard Endpoint Search ScreenNext Topic: Configure End User License Agreement Screen

Screens and TabsSearch Screen ConfigurationPassword or Forgotten User ID Screen

Password or Forgotten User ID Screen

The Password or Forgotten User ID Screen lets you configure the forgotten password or forgotten user ID tasks. This screen has the following fields:

Name

Defines the name of the screen.

Tag

An identifier that is unique within the task. It can contain ASCII characters (a-z, A-Z), numbers (0-9), or underscore characters, beginning with a letter or underscore. The tag is used for setting data values through XML documents or HTTP parameters.

Prompt

Defines text that will appear above the area where users supply identification information.

Profile Screen for Identification

Specifies an Identify screen that includes the attributes (such as UserID) that users must enter.

Prompt for primary verification screen

Defines text that will appear above the area where users supply verification information.

Profile Screen for Primary Verification

Specifies an Identify screen that includes verification question and answer pairs.

Prompt for secondary verification screen

Defines text that will appear above the area where users supply verification information, if verification questions are presented on separate screens.

Profile Screen for Secondary Verify

Specifies an Identify screen that includes verification question and answer pairs, if verification questions are presented on separate screens.

Number of questions

Enter the number of questions that users must answer to verify their identity.

Number of acceptable incorrect answers

The number of incorrect answers a user can provide before CA Identity Manager records a verification failure.

Note: CA Identity Manager records an incorrect answer only after a user exceeds the Verification Page Attempt Limit. For example, if the Verification Page Attempt Limit is 2, CA Identity Manager records an incorrect answer if the user answers incorrectly 3 times.

Verification page timeout

The amount of time a user has to answer all of the questions on a page.

Verification page attempt limit

The number of times a user can attempt to answer the questions on a page.

If only one question appears per page, the Verification page attempt limit is the number of times a user can try to answer that question.

Note: Specify 0 for the options that do not apply.

Failed attempt limit

The number of consecutive times a user can fail the verification process before he is locked out of the task. CA Identity Manager locks the user out of the task, and optionally disables the user’s account, if the user attempts to verify his identity after the Failed Attempt Limit has been reached. For example, if the failed attempt limit is 3, the user is locked and disabled on the fourth failed attempt.

Note: The attribute you specify must be defined in the directory configuration file (directory.xml) for the CA Identity Manager environment.

Disable User

If selected, CA Identity Manager disables a user’s account in addition to locking the task when the failed attempt limit is exceeded.

Note: The user account is not disabled until the user fails to verify his identity after the Failed Attempt Limit has been reached.

Failed attempt lockout length

The number of days that a user is locked out of the task if she exceeds the failed attempt limit.

Successful attempt limit

The number of days that users must wait before using the task, after a successful attempt.

Attempt tracking attribute

Select the attribute that CA Identity Manager will use to track verification attempts.

Allowed Disabled Reasons

Select one or more reasons such that the user is allowed to reset the password.

For more information on configuring forgotten password or forgotten User ID tasks, see the Administration Guide.

More information:

Self-Service Tasks