About Managing Forgotten Passwords

This topic describes how to manage forgotten passwords. If a user who has previously self-registered on a Siebel customer or partner application forgets his or her password, then the user can get a new password by clicking the Forgot Your Password? link in the login dialog box.

Note: Forgot Your Password? is a default feature of Siebel customer and partner applications, but it is available only if you implement LDAP security adapter authentication. To implement similar functionality in a Web SSO environment, you are responsible for configuring the functionality in your external authentication application, in your user directory, and in your security adapter. Consult your third-party vendor documentation for information about performing these tasks.

You can optionally configure the Forgot Your Password? feature in a number of ways:

• You can specify the minimum and maximum length of the new password that a user can retrieve as described in "Defining Password Length for Retrieved Passwords".

• You can amend the forgotten passwords workflow process to change:

  • The way in which the user identification data is compared with database user records.

  • The identification data requested from users.

  For information on both these tasks, see "Modifying Workflow Process to Request Different Identification Data".

For additional information about managing forgotten passwords, see also the following topics:

• "Retrieving a Forgotten Password (Users)"

• "Architecture for Forgotten Passwords"

• "About Modifying the Workflow Process for Forgotten Passwords"

Retrieving a Forgotten Password (Users)

This topic describes how users, who have previously self-registered, can create new passwords if they have forgotten their existing password. On a future login, users can change new passwords in the User Profile view.

The following procedure describes the steps involved in retrieving a new password.

To retrieve a new password 

1. In the login dialog box, the user clicks Forgot Your Password?

   The User Information form appears.

2. The user completes all fields of the form, and then clicks Submit.

   • The database comparisons done with the Last Name field and First Name field entries are case-sensitive.

   • The Work Phone # entry numbers are compared with the database. The comparison disregards any separators.

   If a matching record is found, then the Challenge Question form appears.

3. The user enters the answer to the challenge question.

4. If the challenge question is answered correctly, then the user is prompted to enter a new password, and then to reenter the password to confirm it.

   Provided that the passwords match and do not violate the requirements for passwords set by the directory server, the new password is set for the user.

5. Click Continue.

Related Topic

"About Managing Forgotten Passwords"

Defining Password Length for Retrieved Passwords

This topic describes how to configure the length of new passwords retrieved by users who have previously self-registered but who have forgotten their password. For information on the forgotten password feature, see "About Managing Forgotten Passwords" and "Retrieving a Forgotten Password (Users)".

To make sure that passwords conform to your company's policy on password length, you can specify minimum and maximum character lengths for passwords by adding two user properties to the User Registration business service in Siebel Tools. These user properties are RandPassMinLength and RandPassMaxLength. When a user requests a new password using the Forgot Your Password feature, the User Registration business service invokes the SetPassword method to create the new password after verifying that the password meets the password length requirements defined for these two properties.

To define minimum and maximum values for password length 

1. Open Siebel Tools and, in the Object Explorer, click Business Service.

   The Business Services list appears.

2. In the Business Services list, query or scroll to select the User Registration business service.

3. Choose Tools, and then Lock Project.

4. In the Object Explorer, click Business Service User Props.

   The Business Service User Props list appears.

5. Right-click in the Business Service User Props list and select New Record from the displayed context menu.

   A new record field appears.

6. Complete the fields for the new record, as shown in the following table.

   In this field...	Enter...
   Name	RandPassMinLength
   Value	Enter the minimum number of characters that your company's password policy states a password must contain. The default value is 5.

   
   

   This defines the minimum number of characters that a password can contain.

7. Step off the record to save changes.

8. Repeat Steps 5, 6, and 7 with modifications for Step 6, as shown in the following table.

   In this field...	Enter...
   Name	RandPassMaxLength
   Value	Enter the maximum number of characters that your company's password policy states a password must contain. The default value is 15.

   
   

   This defines the maximum number of characters that a password can contain.

9. Update the repository and deliver the updates, then unlock the User Registration project.

Architecture for Forgotten Passwords

Forgot Your Password? is implemented in the User Registration Forgot Password Process workflow process. This process is a subprocess in User Registration Initial Process.

As described in "Retrieving a Forgotten Password (Users)", to receive a new password, the user must provide identification data that is compared with database user records. If all four fields return a case-sensitive match with an existing record, then the user must answer the challenge question associated with that record. The challenge answer must also return a case-sensitive match.

When a user enters values to the comparison fields in the user interface, the values are written to fields in the User Registration business component. This business component is based on the same tables as the User business component. The virtual field values are not written to the database, but are compared with field values in those underlying tables.

The user entries in the following fields in the user interface are compared with field values in the tables indicated:

• The Last Name, First Name, Email, and Work Phone # fields are compared with S_CONTACT field values.

• The Challenge Answer field is compared with an S_USER field value.

The User Registration Forgot Password Process workflow process uses the following views:

• User Registration Forget Pwd Challenge Answer Error View

• User Registration Forgot Pwd Error View

• User Registration Forgot Pwd Invalid Error View

• User Registration Forgot Pwd Reset Confirm View

• User Registration Pwd Info View

• User Registration Pwd Nomatch View

• User Registration Forget Pwd Challenge Ques View

Related Topic

"About Managing Forgotten Passwords"

About Modifying the Workflow Process for Forgotten Passwords

You can modify the User Registration Forgot Password Process workflow process in the following ways:

• Make a comparison of null fields as well as fields for which the user has provided a value

  For information on this task, see "Modifying Workflow Process to Query Null Fields".

• Request different identification data from the user

  For information on this task, see "Modifying Workflow Process to Request Different Identification Data".

In the User Registration Forgot Password Process workflow process, the Query User step invokes the FindContact method of the User Registration business service. This method queries the database for user records whose data matches the identification data provided by the user. If the query returns a unique record, then the user can prove he or she owns the record by answering the challenge question.

Table 8-2 describes the arguments for the FindContact method.

Table 8-2 FindContact Method Arguments

List	Records	Comments About Values
Input Arguments	EmailAddress FirstName LastName WorkPhoneNum	The Input Argument field values are the field names in the User Registration business component that the FindContact business service queries for a match. The comparison is made with the process property values given in the Property Name field. These process properties collect the entries made by the user.
	Output Field: Id Output Field: Login Name	As given by the Input Argument field values, the FindContact method is requested to return the Id and Login Name field values for each user record whose field values match the entries by the user. A temporary table of values is defined in which the rows are the records returned and the columns are given by the Value field values. One row of the temporary table contains the ID for a returned record in the Id column and the record's Login Name in the Login Name column.
Output Arguments	Login Name Siebel Operation Object Id RegError	Each Property Name field value is a process property name. The Login Name and Siebel Operation Object Id process properties receive values if FindContact returns a unique matching record. If a unique record is not determined that matches the criteria, then RegError receives an error value. Siebel Operation Object Id is used to identify the user record for subsequent operations in the workflow process, and it receives its value from the temporary table's Id column, that is, the ID of the user record. The Login Name process property receives its value from the temporary table's Login Name column, that is, the Login Name of the user record.

Related Topic

"About Managing Forgotten Passwords"

Modifying Workflow Process to Query Null Fields

By default, if a user completes fewer than all four fields on the User Information form, then only the fields that a user completes are used in the query to find a unique matching record in the database. For example, if the user enters first and last name only, then the query does not do any comparisons on the Email or Work Phone # fields.

You can specify that the Query User step (FindContact method in the User Registration business service) checks any empty fields to confirm that they are NULL in the database record to conclude that a record is a match. The following procedure describes this task.

To modify the User Registration Forgot Password Process workflow to query null fields 

1. Make a copy of the User Registration Forgot Password Process workflow.

2. In the copy of the workflow, modify the Query User step by adding the QueryAllFields input argument with a value of Y. By default, the value of this input argument is N.

   When you create input arguments, enter the fields and values described in the following table.

   Field	Value
   Input Argument	QueryAllFields
   Type	Literal
   Value	Y

   
   

3. Activate the amended copy of the User Registration Forgot Password Process workflow.

   For detailed information about modifying workflow processes, see Siebel Business Process Framework: Workflow Guide.

Related Topics

"About Modifying the Workflow Process for Forgotten Passwords"

"Modifying Workflow Process to Request Different Identification Data"

Modifying Workflow Process to Request Different Identification Data

The data requested from the user in the User Information form is compared with data in existing user records to locate a unique database record. If you want to compare different data than those compared in the seed User Registration Forgot Password Process workflow process, then you must do the following tasks:

• Modify the user interface

• Modify User Registration Forgot Password Process input arguments

Modifying the User Interface for User Registration

To add or delete a field in the User Information form, you must use Siebel Tools to modify its underlying applet. The following procedure is intended to list the major steps you must perform to add or delete a field in the User Information form. For detailed information about performing any step, see Configuring Siebel Business Applications.

To add or delete a field in the User Information form 

1. Open Siebel Tools.

2. Lock the User Registration project.

3. If you are adding a field, then determine what field to add. Add to both the VBC User Registration virtual business component and the User Registration business component the field that corresponds to the field you want to add. Use the same names for these fields.

   For more information, see "(Optional) Modifying Self-Registration Views and Workflows".

   1. In the Object Explorer, click Business Component.

   2. In the Business Components list, query or scroll to select the User Registration business component.

   3. In the Object Explorer, expand Business Component, then click its Field child item.

   4. In the Fields list, add the field you need for this business component.

   5. Repeat this process for the VBC User Registration virtual business component.

4. Configure the applet VBC User Registration Initial Form Applet to display or hide the field.

   1. In the Object Explorer, click Applet.

   2. In the Applets list, query or scroll to select the applet VBC User Registration Initial Form Applet.

   3. In the Object Editor, expand Applet, then click its Control child item.

   4. In the Controls list:

      • If you want to hide a field, then select its record in the Controls list and check its Inactive field.

      • If you want to add a field, then add a new record in the Controls list. Complete only the fields listed. Use the indicated guidelines.

        Field	Guideline
        Name	Enter a name for this field, such as City
        Caption	Enter the caption you want for this field in the user interface, such as City
        Field	Enter the field that you determined in Step 3, such as City
        HTML Display Mode	Delete the default value, so the field is empty
        HTML Row Sensitive	Check
        HTML Type	Pick Text
        Sort	Check
        Text Alignment	Pick an alignment
        Visible	Check
        Visible - Language Override	Enter Y

        
        

5. Configure the appropriate applet Web template for VBC User Registration Initial Form Applet to display or hide the field.

6. Update the repository and deliver the updates, then unlock the User Registration project.

Note: To remove a field from the self-registration user interface, you do not have to delete the field from the applet in which it appears. Instead, configure the applet so that the field is not displayed in the user interface.

Modifying Input Arguments for the Workflow Process

In the Query User step of User Registration Forgot Password Process, you specify the input fields to the FindContact method in the User Registration business service that are used to find a matching user record. You must modify this step to add or delete an input field.

You make this change by modifying the input arguments for the Query User step for a revised copy of the User Registration Forgot Password Process workflow process, then activating this copy. When you create input arguments, enter the fields and values described in Table 8-3.

Table 8-3 Values for Input Arguments for Query User Step

Field	Guideline
Input Argument	Enter the name of the field in the User Registration business component that you noted in Step 3 of "Modifying the User Interface for User Registration", such as City. This is the field in the existing user records with which the comparison is made.
Type	Pick Process Property.
Property Name	Pick the process property that corresponds to the field in the User Registration business component that you noted in Step 3 of "Modifying the User Interface for User Registration", such as City. The process property has the same name as the field, by convention.
Property Data Type	This field automatically populates with the data type of the process property.

Related Topics

"About Modifying the Workflow Process for Forgotten Passwords"

"Modifying Workflow Process to Query Null Fields"