Hey chanken

might be helpful to you.

Set Password Reset properties:

you can specify properties that configure the Password Reset experience for end users.

Role required: password_reset_admin

About this task

While there are no range limits for the values you can enter for properties, consider using only positive integer values starting at 1. When you determine the limit for the upper range of a property, consider the task that the user is performing.

For example, you would not want to allow 100 attempts for users to verify their identity. A more common value is three attempts. Similarly, you may not want to force users who are completing the enrollment process to spend time selecting and answering 30 security questions. The more commonly used number of security questions is between five and seven.

Note: The following properties affect

Password Reset, but do not appear on the

Password Reset > Properties page:

• For Password Reset on mobile devices, you can specify the URL that the user is taken to when user taps the Forgot password?button. See theglide.security.password_reset.uriproperty in High Security SettingsHigh Security Settings.
• You can add the glide.pwd_reset.onetime.token.validityproperty to the System Properties [sys_properties] table to specify the number of hours that the Password Reset token should be valid. Default: 12.

Procedure

1. Navigate to Password Reset > Properties.
2. Update settings as needed and then click Save.

   Password Reset Global properties
   Workflow polling frequency	password_reset.wf.refresh_rate	Time period in milliseconds between checks on status of the workflow. Type: integer Default value: 500
   Workflow expiration	password_reset.wf.timeout	Maximum wait time in milliseconds for the workflow to complete. The workflow is triggered during the password reset request when the user clicks Submit. Type: integer Default value: 90000
   Disable CAPTCHA validation functionality	password_reset.captcha.ignore	Enables or disables CAPTCHA functionality. Type: true|false Default value: false The Password Reset application uses Google re-CAPTCHA as the default CAPTCHA service. To use the base system CAPTCHA, change thepassword_reset.captcha.google.enabled system property to false.See Configure Google reCAPTCHA
   Password Reset Request properties
   Number of unsuccessful attempts allowed to reset/change password	password_reset.request.max_attempt	Number of password reset attempts a user has before they are locked out for a period determined by the value in max_attempt_window. Type: integer Default value: 3 (attempts)
   Number of minutes a user must wait to reset/change password after exceeding the maximum allowed unsuccessful attempts	password_reset.request.max_attempt_window	Time period that users are blocked or prevented from changing their passwords after trying the maximum number of times. Type: integer Default value: 1440 (minutes)
   Number of minutes a user must wait to reset/change password after the last successful reset/change	password_reset.request.success_window	Time period that a user must wait after successfully resetting the password to reset the password again. Type: integer Default value: 1440 (minutes)
   Number of minutes a user must wait to start a reset request after the last successful unlock account	password_reset.request.unlock_window	Time period that a user must wait after a successful unlock operation before starting a new request. Type: integer Default value: 1440 (minutes)
   Number of minutes before a password reset request expires	password_reset.request.expiry	Time period that a user is allowed to perform the Password Reset process. Type: integer Default value: 10 (minutes)
   Password Reset Security Question properties
   Minimum number of characters in any answer	password_reset.qa.ans_min_len	Minimum number of alphanumeric characters that the user must enter in the answer text box for any security question.Default value: 3 characters
   Number of security questions required during the password reset request	password_reset.qa.num_reset	Number of questions that a user must answer to verify identity during the Password Reset process. Type: integer Default value: 3 (questions) Possible values: Integers that are less than the number specified for the num_enroll property. Note: You can override this security question property by adding the num_reset parameter in the security question verification.
   Number of security questions required during enrollment	password_reset.qa.num_enroll	During the enrollment process, the number of questions that a user must answer to be enrolled in the Password Reset program. Type: integer Default value: 5 (questions) Note: You can override this security question property by adding the num_enroll parameter in the security question verification.
   Password Reset SMS Code properties
   Maximum number of SMS codes sent for verification per day	password_reset.sms.max_per_day	Maximum number of SMS codes that are sent to a user within one 24-hour period. The 24-hour period begins when a user clicks Send Code. Type: integer Default value: 10 (per day) Note: You can override this SMS code property by adding the max_per_dayparameter in the SMS code verification.
   Number of minutes before the user can attempt to send another SMS code for verification	password_reset.sms.pause_window	Time that must pass before another SMS code can be sent to a user. Type: integer Default value: 2 (minutes) Note: You can override this SMS code property by adding the pause_windowparameter in the SMS code verification.
   Number of digits in the SMS code sent to the user	password_reset.sms.default_complexity	Number of characters required for a user to reset their password. Type: integer Default value: 4 (digits) You can override this SMS code property by adding the complexity parameter in the SMS code verification.
   Number of minutes before the SMS code expires	password_reset.sms.expiry	Time, in minutes, until the SMS code sent to the user expires. Type: integer Default value: 5 (minutes) Note: You can override this SMS code property by the expiry parameter in the SMS code verification.
   Password Reset Monitoring and Reporting properties
   Time interval, in minutes, for counting blocked users	password_reset.activity_monitor.incident_window	Time window to count the number of blocked users. Type: integer Default value: 60 (minutes)
   Number of blocked users, in the defined time interval, that triggers a system log event	password_reset.activity_monitor.incident_threshold	Number of blocked (or locked) users, within the specified time window, that triggers a system log event. Type: integer Default value: 10 (blocked users

Please refer:

Configure Password Reset properties