Password reset in Jitterbit App Builder
The Password Reset feature is available for sites using the Local User authentication provider. Administrators can configure this feature to provide users the option to reset their password upon logging into App Builder. This feature is not enabled by default. Using this feature assumes that you have configured SMTP mail server settings in App Builder, as that is required to send out mail notifications related to this feature. When configured properly, the Forgot password? link will appear on the App Builder login screen.
The expected workflow of the Password Reset feature is:
- A user who needs to reset their Password clicks the Forgot Password link from the App Builder login screen
- The user enters their App Builder account Email Address and clicks the Request Password Reset button
- The user goes to check their Email, which should contain a Password Request email with a time sensitive reset password link
- The user clicks on the Reset Password button embedded in the Email link, which launches a web browser and loads the Reset Password page
- The user provides a new password
- After the Password is reset, an email will be sent to the user to notify them of this action
- The user can now sign into App Builder with the new Password
To enable password reset
To use the Password Reset feature, there are three main tasks involved:
- Create a Security Group for Anonymous Users
- Configure the Notification Endpoint (SMTP Mail Server Settings)
- Configure the Web Site URL
Create a security group for anonymous users
An Administrator needs to grant the Anonymous Users group access to the App Builder - Password Reset application and make them a member of the Password Reset role.
- Navigate to the IDE
- Click on User Management
- Select Groups, click the + Group button, and provide the Name Anonymous
- Click on the Manage Privileges button, and then click the Create button
- Select Application as the Type value, and then select App Builder - Password Reset as the Application value
- Click on the Save button, and close out of the Privilege window
- Under the Roles panel, click on the Grant button that appears next to the Password Reset role
- Click the back button to return to the Groups page
- In the Groups panel, select the Anonymous Users group
- In the Membership panel, click the + Membership button
- Select Anonymous Users from the list options, and then click on the Save icon
Note
See Users & groups for more information on the Anonymous Users group
Configure the notification endpoint (SMTP mail server settings)
- Navigate to the IDE
- Cick the Notification Servers button
- In the Notification Endpoints panel, expand the SMTP option
- Edit the URI field so that it contains a valid SMTP Endpoint. URI should be
smtp://<hostname>
orsmtps://<hostname>
- Edit the Default From Address field so that it contains a valid email account address to be used by the notification emails sent through Password Reset
- Click outside of a field to save
Configure the web site URL
- Navigate to the IDE
- Click on the Security Providers button
- From the Configuration panel, click on More > Sites and either create or edit the existing URL
- Enter the appropriate Web Site URL value for the App Builder app you are configuring Password Reset for. For example:
http://example.com/
- Click on the Save button
Optional password reset customization options
The Password Reset feature has a few areas related to the messages and email templates you can customize, if desired. For example, you may wish to change the text that the notification emails send out through this feature. Customization options for this feature are available under App Builder IDE → Secure your Application → Local User → Password Reset. The customizable options (with the exception of the Length token value, which is not customizable) are as follows:
Field Name | Description |
---|---|
Alert Message | Modify the email text that sends out upon successfully resetting the user password |
Expiry | Number of minutes the reset password email is valid for |
Invalid Token | Message displayed to a user after clicking the Reset Password button in the email if the token has expired or the security code is invalid. |
Length | Password Reset token's security code measure in bytes. The security code length defaults to 16 (128 bits) and is not configurable. |
New Password | Message displayed to the Anonymous User when asked to provide a new password. |
Request | Message displayed to the Anonymous User requesting a password reset. |
Request Message | Modify the email text that sends out upon a user requesting to reset their password |
Success | Confirmation message displayed to a user after a successful password reset. |
Troubleshooting
If you run into issues using the Password Reset feature, please see the Troubleshooting section in the Configuring smtp article.