Password Change Propagation
- Silvan Grüter
- Viktor Ljuca
Introduction
The CoreOne Suite Application Service can be used to propagate a password or a password change into any connected target system. In order to achieve this, there are a couple of settings and workflows that have to be understood. For our explanations we will take a look at the scenario below. There is one Core Identity Type with three different identity types associated to it. A password change to either of the three identity types, should be populated to the remaining two.
Identity Type Feature
On all identity types, where a password change has to be propagated to, the Password reset active feature has to be enabled. If this setting is set to active, any password change on another identity type, will also be propagated to the associated identity of this type. So in our example on top, we have to enable this setting on all three identity types.
Password Change Origin
The password itself can be changed in various places.
Authentication Service
The user can set, reset or change his password on the CoreOne Authentication Service. He does so by himself, no administrator or other user is involved.
Admin UI
There are various places in the Admin UI where a password can be set.
Quick Action Widget
The reset password action on the dashboard will simply redirect the user to the Authentication Service.
Core Identity Detail Page
On the Core Identity Detail Page, the is a Set Initial Password button. This will reset the password to the initial password of all identities associated with the selected Core Identity.
Account Tab
On the account tab of an identity, there is a set or reset password button.
API
There are various API endpoint which can be used to reset the password.
Password change / reset
There is the password change and the password reset method, that allows you to set a new password. This action is executed for a specific identity type.
/apiv2/{apiversion}/authentication/password/change/apiv2/{apiversion}/authentication/password/resetPassword Main change / reset
In contrast to the password change / reset endpoint, this changes / sets the password not only for a specific identity, but for all that have the Password reset active feature active.
Workflows
MainPasswordChanged
Whenever the main password change API endpoint is executed, either from the CoreOne Authentication Service or an external system, the MainPasswordChanged workflow will be executed. For more details see here.
IdentityPasswordChanged
Whenever the password change API endpoint is executed, either from the Admin UI or an external system, the IdentityPasswordChanged workflow will be executed.For more details see here.
Password Change Origin vs Executed Workflows
Origin | MainPasswordChanged-Workflow | IdentityPasswordChanged-Workflow |
|---|---|---|
Authentication Service / Reset |
|
|
Authentication Service / Set |
|
|
Admin UI / Quick Action Widget |
|
|
Admin UI / Core Identity Detail Page |
|
|
Admin UI / Account Tab |
|
|
API / Password change |
|
|
API / Password reset |
|
|
API / Password Main change |
|
|
API / Password Main reset |
|
|
© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.