Use this guide to configure the Forgot Username page, where end-users can retrieve forgotten user IDs.

The Forgot Username tool enables an end-user to provide information associated with their directory account in order to reacquire their username to log into SecureAuth IdP realms.

Each SecureAuth IdP realm can include a Forgot Username URL Link (Overview tab) that displays on the initial login page. Clicking the link redirects end-users to the Forgot Username realm, at which the end-user enters information from a defined field (e.g. email address, phone number, etc.) to confirm the account identity.

Upon successful identity validation, the username is displayed on the page itself or sent to the user via email, as configured by the administrator.

1. Create a New Realm for the Forgot Username function

2. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:

  • Overview – the description of the realm and SMTP connections must be defined
  • Data – an enterprise directory must be integrated with SecureAuth IdP
  • Workflow – the way in which users will access this application must be defined
  • Multi-Factor Methods – the Multi-Factor Authentication methods that will be used to access this page (if any) must be defined

Select the type of directory integration used for the Forgot Username realm and follow the appropriate steps

This is a configuration example using an Active Directory integration and common data fields, so it is not universal for every enterprise data store, but may be used as a reference to other LDAP directory types

 

1. In the Membership Connection Settings section, change the searchFilter to accept the user's email address on the initial login page (instead of the username)

This would correspond to the field in the enterprise directory that contains the email address, e.g. (&(mail =%v)(objectclass=*))

2. Set the Search Attribute to the directory attribute that contains the user ID to be retrieved

Once the end-user authenticates, the ID from the Search Attribute is provided as the forgotten username

Move onto step 5

This is a configuration example using a SQL Data Store integration and common properties, so it is not universal for every enterprise data store, but may be used as a reference to other SQL-type data stores (Oracle, ASP.net, ODBC, others)

If configuring a realm with an ASP.net database integration, then follow these steps and refer to the ASP.net Required Steps section following step 4

1. In the SQL data store, create new Stored Procedures that are specific for the Forgot Username realm, using email (or another preferred property) as the user ID

Using SecureAuth's provided Stored Procedures and Tables, replace the Stored Procedure name with a friendly name, e.g. replace GetUser with GetUserByEmail in sp_GetUser: sp_GetUserByEmail

This differentiates the Stored Procedure from the others that employ the username as the User ID

Replace UserName with Email1 in WHERE UserName = @UserName: WHERE Email1 = @UserName

This tells SecureAuth IdP to employ the user's email address stored in Email 1 as the user ID

CREATE PROC [dbo].[sp_GetUserByEmail] @UserName VARCHAR(60)
AS
BEGIN
    SELECT [UserName]
        ,ISNULL([GroupList], '')
        ,ISNULL([PwdLastSet],'1/1/1900')
        ,ISNULL([AccountStatus], '')
    FROM UserTable
    WHERE Email1 = @UserName
END

Shown as an example is the Get User Stored Procedure, which must be updated for this realm

The following Stored Procedures must be updated in the same manner, but with unique, friendly names:

  • Get User (new name: GetUserByEmail)
  • Get Profile (new name: GetProfileByEmail)
  • Update Profile (new name: UpdateProfileByEmail)
  • Validate / Get Password, required only if the user's password is required in the workflow to retrieve the forgotten username (new name: ValidatePasswordByEmail / GetPasswordByEmail)
CREATE PROC [dbo].[sp_GetProfileByEmail] @UserName VARCHAR(60)
AS
BEGIN
    SELECT UserName
        ,IsNull(FirstName, '') FirstName
        ,IsNull(LastName, '') LastName
        ,IsNull(Phone1, '') Phone1
        ,IsNull(Phone2, '') Phone2
        ,IsNull(Phone3, '') Phone3
        ,IsNull(Phone4, '') Phone4
        ,IsNull(Email1, '') Email1
        ,IsNull(Email2, '') Email2
        ,IsNull(Email3, '') Email3
        ,IsNull(Email4, '') Email4
        ,IsNull(AuxID1, '') AuxID1
        ,IsNull(AuxID2, '') AuxID2
        ,IsNull(AuxID3, '') AuxID3
        ,IsNull(AuxID4, '') AuxID4
        ,IsNull(AuxID5, '') AuxID5
        ,IsNull(AuxID6, '') AuxID6
        ,IsNull(AuxID7, '') AuxID7
        ,IsNull(AuxID8, '') AuxID8
        ,IsNull(AuxID9, '') AuxID9
        ,IsNull(AuxID10, '') AuxID10
        ,IsNull(pinHash, '') pinHash
        ,IsNull(Questions, '') Questions
        ,IsNull(Answers, '') Answers
        ,IsNull(ChallengeQuestion, '') ChallengeQuestion
        ,IsNull(ChallengeAnswer, '') ChallengeAnswer
        ,IsNull(CertResetDate, '1/1/1900') CertResetDate
        ,IsNull(CertCount, 0) CertCount
        ,IsNull(CertSerialNumber, '') CertSerialNumber
        ,IsNull(MobileResetDate, '1/1/1900') MobileResetDate
        ,IsNull(MobileCount, 0) MobileCount
        ,IsNull(ExtSyncPwdDate, '1/1/1900') ExtSyncPwdDate
        ,IsNull(HardwareToken, '') HardwareToken
        ,IsNull(iOSDevices, '') iOSDevices
        ,IsNull(OATHSeed, '') OATHSeed
        ,IsNull(OneTimeOATHList, '') OneTimeOATHList
        ,IsNull(GroupList, '') GroupList
    FROM UserTable
    WHERE Email1 = @UserName
 
 
    SELECT DigitalFP
    FROM UserFP
    WHERE Email1 = @UserName
 
 
    SELECT PNToken
    FROM UserPN
    WHERE Email1 = @UserName
 
 
    SELECT AccessHistory
    FROM UserAccessHistory
    WHERE Email1 = @UserName
 
 
    SELECT OATHToken
    FROM UserOT
    WHERE Email1 = @UserName
END
GO

Note the updates applied to this Stored Procedure from step 1

The following steps are completed in the SecureAuth IdP Web Admin

 

2. In the Membership Connection Settings section, set the Get User SP to the friendly name of the Forgot Username-specific Get User Stored Procedure (configured in step 1), e.g. GetUserByEmail

3. Set the Validate / Get Password SP to the friendly name of the Forgot Username-specific Get / Validate Password Stored Procedure, e.g. GetPasswordByEmail

Step 4 is required only if the user's password is required in the Forgot Username realm login workflow

 

4. Set the Get Profile SP and the Update Profile SP to the friendly names of the Forgot Username-specific Get User Profile and Update User Profile Stored Procedures, e.g. GetProfileByEmail and UpdateProfileByEmail

The following steps are for Forgot Username realms using ASP.net database as the directory source

Forgot Username with ASP.net database is supported by SecureAuth IdP versions 9.1+

 

1. In the Links section, select Click to Edit Web Config File

 

2. Search for ASPNETMembershipProvider, and add the following line in the ASPNETDB section

searchFilter="email"

3. Search for ASPNETProfileProvider, and add the following line in the ASPNETDB section

searchFilter="email"

Click Save once the configurations have been completed and before leaving the Web Config Editor page to avoid losing changes

 

 

3. If the LoweredEmail field is empty, then populate the field in the ASP.net database

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

 

5. Select Forgot Username from the Authenticated User Redirect dropdown in the Post Authentication tab in the Web Admin

6. An unalterable URL is auto-populated in the Redirect To field, which appends to the domain name and realm number in the address bar (Authorized/ForgotUsername.aspx)

 

7. Choose the Username Delivery Option, which either is to Display on page or to Send in email to the field designated in the searchFilter / Stored Procedures (Email 1)

The username displayed on the page or sent in the email is the username stored in the directory attribute mapped to the Search Attribute field; or the User ID stored as the UserName in SQL-type data stores

Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes

 

8. Click View and Configure FormsAuth keys / SSO token to configure the token/cookie settings and to configure this realm for Single Sign-on (SSO)

These are optional configurations

Follow these steps to alter the end-user login pages to read, "Email" (or whatever is preferred) instead of "Username" in the Forgot Username realm

These optional steps are completed in the Forgot Username realm (configured above)

 

1. In the Advanced Settings section, select Content and Localization

 

2. Search for useridview_userIdLabel and change Username: to Email: (or the preferred verbiage), which displays on the initial login page, prompting the user for the User ID

3. Change the passwordview_userLabel from Username: to Email: (or the preferred verbiage), which displays on the subsequent login page, prompting the user for the password

This is only necessary if the realm's workflow has username and password on separate pages

The Username / Email field is greyed out and displays the information entered on the previous page

4. Search for useridview_usernameplaceholder and change Username to Email Address (or the preferred verbiage), which displays as a placeholder on the initial login page (with step 2) in the text box

Click Save once the configuration is complete and before leaving the Content and Localization page to avoid losing changes

Follow the step to add the Forgot Username realm link to other SecureAuth IdP realms, which displays on login pages for end-users to quickly retrieve lost credentials

This optional step is NOT completed in the Forgot Username realm, but rather in other SecureAuth IdP realms

 

1. In the Page Content section, update the Forgot Username URL field and its Location on the login page within the other SecureAuth IdP realms in which the function is available

The URL would be: /SecureAuth[ForgotUsernameRealm#]

Click Save once the configurations have been completed and before leaving the Overview page to avoid losing changes