I forgot my password

iTop provides a mean for the end-users to regain access to iTop… without bothering an administrator.

Prior to iTop 2.0.2, this feature was not available. As the feature is enabled by default, upgrading to 2.0.2 will make it be available unless you disable it

Workflow

A new link, at the bottom of the login form, allows the end-user to regain access to iTop.

Login page

The end-user gives his/her login identifier.

Reset Password

iTop searches for the corresponding account, and sends an email.

The user gets the email

The user clicks on the given link, and get a form to change the password (the old password is -for sure!- not requested, as opposed to the standard form to change a password).

The Password complexity rules defined by the administrator, must be fulfilled:

Security concerns

The link given to the user is a single usage link.

If the user attempts several times to reset his password, then only the latest link will be valid.

The email address must correspond to the login. That is the key point.

Configuration

As the features relies on sending emails, you must first ensure that iTop has the capability to send emails. To check if it currently working, use the page /setup/email.test.php. To configure emailing, see Email configuration. Please note that such emails are sent synchronously even if the emails are configured to be sent asynchronously.

Moreover, the feature relies on the accounting data:

  • The user must be of type iTop user (it will not work for LDAP users)
  • A contact must be associated to the user
  • The contact must have a valid email configured

If none of your users will benefit from the feature, then you can disable it by setting the forgot_password parameter to false in the iTop configuration file. In such a case, the hyperlink will disappear from the login page.

Unless you configure the parameter forgot_password_from in the Configuration file, the sender of the “forgotten password” email, will be the recipient's email address, which can be filtered as spam by some email servers.

Errors

There are a few conditions to be met unless the feature is not available for a given user. Here is a screen shot of a failed attempt:

latest/admin/forgot_password.txt · Last modified: 2024/09/10 10:25 by 127.0.0.1
Back to top
Contact us