Skip to Content

Password reset

The Password Reset feature is available for sites using the Local User authentication provider. Administrators can configure this feature to provide users the option to reset their password upon logging into Vinyl. This feature is not enabled by default. Using this feature assumes that you have configured SMTP mail server settings in Vinyl, as that is required in order to send out mail notifications related to this feature. When configured properly, the Forgot password? link will appear on the Vinyl login screen.

The expected workflow of the Password Reset feature is:

Untitled diagram

  1. A user who needs to reset their Password clicks the Forgot Password link from the Vinyl login screen
  2. The user enters their Vinyl account Email Address and clicks the Request Password Reset button
  3. The user goes to check their Email, which should contain a Password Request email with a time sensitive reset password link
  4. The user clicks on the Reset Password button embedded in the Email link, which launches a web browser and loads the Reset Password page
  5. The user provides a new password
  6. After the Password is reset, an email will be sent to the user to notify them of this action
  7. The user can now sign into Vinyl with the new Password

To enable password reset

In order to use the Password Reset feature, there are three main tasks involved:

  1. Create a Security Group for Anonymous Users
  2. Configure the Notification Endpoint (SMTP Mail Server Settings)
  3. Configure the Web Site URL

Create a security group for anonymous users

An Administrator needs to grant the Anonymous Users group access to the Vinyl - Password Reset application and make them a member of the Password Reset role.

  1. Navigate to the IDE
  2. Click on User Management
  3. Select Groups, click the + Group button, and provide the Name Anonymous
  4. Click on the Manage Privileges button, and then click the Create button
  5. Select Application as the Type value, and then select Vinyl - Password Reset as the Application value
  6. Click on the Save button, and close out of the Privilege window
  7. Under the Roles panel, click on the Grant button that appears next to the Password Reset role
  8. Click the back button to return to the Groups page
  9. In the Groups panel, select the Anonymous Users group
  10. In the Membership panel, click the + Membership button
  11. Select Anonymous Users from the list options, and then click on the Save icon


See Users & groups for more information on the Anonymous Users group

Configure the notification endpoint (SMTP mail server settings)

  1. Navigate to the IDE
  2. Cick the Notification Servers button
  3. In the Notification Endpoints panel, expand the SMTP option
  4. Edit the URI field so that it contains a valid SMTP Endpoint. URI should be smtp://<hostname> or smtps://<hostname>
  5. Edit the Default From Address field so that it contains a valid email account address to be used by the notification emails sent through Password Reset
  6. Click outside of a field to save

Configure the web site URL

  1. Navigate to the IDE
  2. Click on the Security Providers button
  3. From the Configuration panel, click on More > Sites and either create or edit the existing URL
  4. Enter the appropriate Web Site URL value for the Vinyl app you are configuring Password Reset for. For example:
  5. Click on the Save button

Optional password reset customization options

The Password Reset feature has a few areas related to the messages and email templates you can customize, if desired. For example, you may wish to change the text that the notification emails send out through this feature. Customization options for this feature are available under Vinyl IDE → Secure your Application → Local User → Password Reset. The customizable options (with the exception of the Length token value, which is not customizable) are as follows:

Field Name Description
Alert Message Modify the email text that sends out upon successfully resetting the user password
Expiry Number of minutes the reset password email is valid for
Invalid Token Message displayed to a user after clicking the Reset Password button in the email if the token has expired or the security code is invalid.
Length Password Reset token's security code measure in bytes. The security code length defaults to 16 (128 bits) and is not configurable.
New Password Message displayed to the Anonymous User when asked to provide a new password.
Request Message displayed to the Anonymous User requesting a password reset.
Request Message Modify the email text that sends out upon a user requesting to reset their password
Success Confirmation message displayed to a user after a successful password reset.


If you run into issues using the Password Reset feature, please see the Troubleshooting section in the Configuring smtp article.