Need to add MFA in OOTB Forgot Password Page

We would like to implement a Self-service password reset solution that requires MFA. Is it possible to customise the OOTB Forgot password form to include a requirement for the end-user to supply a One-Time-Password?

By default, OOTB uses security questions or SMS from the Twilio service.

I have read in the community that if you would like to use some other OTP service, it is not recommended by SailPoint Architect. However, you can try to customize.

I have implemented this by customizing the Self-Registration one.

Thanks
Krish

Hi @MVKR7T ,

Thanks for responding. Do you have the code handy, or maybe you can guide me in a bit more detail as to how you did the customization?

Look into the System Configuration object and change the workflow for the entry workflowLCMSelfServiceRegistrationRequest to point to the custom workflow.

The custom workflow can have multiple custom forms, where you ask the user to enter basic details like:

Form1
Username/EmployeeID (Some unique attribute to find the user)
FirstName
LastName
Email (validate user data to make sure it is the right user)
New Password
Confirm Password

Form2
Confirm OTP

Form3
Success Message

It doesn’t look good to use the label New User Registration for Forgot Password, so I tried to rename the label; we can find it somewhere in the property files or in the XHTML files. I didn’t have much time as I was just exploring, not for business purposes. You can look into this as well.

Hope this helps you.

Thanks
Krish

Hi @MVKR7T ,

Thank you for the response. I will try it myself and see if it works. However, Confirm OTP needs to have some messaging service, right, which can send the OTP over email or phone?

Yes, if you would like to ask the user to choose the OTP mode (mobile/email), then you can develop one more form for that. If not, once the user submits the details in Form1, you can send the OTP by default to mobile/email. You can manage these in workflow steps and step transitions.
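
Added example (not part of the thread and not SailPoint code): one way the OTP sent after Form1 and checked at Form2 could be handled, in plain Java with no IdentityIQ APIs. The class name `ResetOtp`, the 6-digit code, the 5-minute lifetime and the 3-attempt limit are assumptions; delivery over email/SMS is left to the workflow step.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;

// Hypothetical helper: one instance per reset request, held between Form1 and Form2.
public final class ResetOtp {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(5); // assumed policy
    private static final int MAX_ATTEMPTS = 3;                 // assumed policy

    private final byte[] codeHash;   // hash only, so the clear code is not kept in workflow state
    private final Instant expiresAt;
    private int attemptsLeft = MAX_ATTEMPTS;

    public ResetOtp(String code, Instant issuedAt) {
        this.codeHash = sha256(code);
        this.expiresAt = issuedAt.plus(TTL);
    }

    // 6-digit code from a CSPRNG; java.util.Random would be predictable.
    public static String newCode() {
        return String.format("%06d", RNG.nextInt(1_000_000));
    }

    // Called when Form2 is submitted. Every call on a live code costs one attempt.
    public boolean verify(String submitted, Instant now) {
        if (attemptsLeft <= 0 || now.isAfter(expiresAt)) {
            return false;                          // locked out or expired
        }
        attemptsLeft--;
        boolean ok = submitted != null
                && MessageDigest.isEqual(codeHash, sha256(submitted.trim())); // constant-time compare
        if (ok) {
            attemptsLeft = 0;                      // single use: a replayed code is rejected
        }
        return ok;
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);    // SHA-256 is required on every JRE
        }
    }
}
```

In the flow above, the new password collected in Form1 would be applied only after `verify` returns true for the code entered in Form2, and the same response would be shown whether or not the Form1 details matched a user.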

Hi @dheerajk27 . Did any of these replies answer your question? If so, can you please mark the reply that is the best solution?
