Enable Users to Recover Password with PIN Code

Users can choose to provide a PIN code to reset their password.

You are assigned the Manage Tenant Configuration role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.

Context

Caution:

For security reasons, the PIN code is not a recommended password recovery method. Users can follow the Forgot Password link on the sign-in page to reset their password via email.

You can configure the applications in the tenant to allow users to provide a PIN code to reset their password instead of receiving an email with a reset password link.

For this setup, you, as a tenant administrator, configure the PIN code option in the Tenant Settings section of the administration console, and the users set their PIN code on the profile page.

Once the PIN code option is configured, users can use it to reset their password. A user must have set a PIN code on the profile page to be able to reset the password via this option.

If the PIN code option is configured in the administration console, end users who haven't set up their PIN code are prompted to do so as a post-logon step. Optionally, they can choose to set up the PIN code later.

If end users select the Don't ask me again check box, the prompt is no longer shown. End users can still set up the PIN code on their profile page.

PIN Code Characteristics

Allowed Characters: Base 10 digits (0-9)

Min Length: Between 4 and 32 characters; configurable on tenant level

Max Length: 32 characters

Required: Setup later and Don't ask me again are configurable

Target Users:

  • None - the PIN code option isn't offered to the users and all PIN code configurations in the administration console are disabled
  • Users without email - only users that don't have emails are able to reset password via PIN code
  • All users - everyone can choose this option to reset the password
  • Specific groups - only users that belong to the selected groups can reset password via PIN code.

Lock: The reset password action with PIN code locks after 5 failed attempts. The logon with correct username and password is not interrupted.

Unlock: To unlock the PIN code, set an initial password for the user.

Remember:

It takes 2 minutes for the configuration changes to take effect.
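The caution above and the Min Length setting can be put in numbers. The following Python code is an added example, not part of the SAP documentation: it estimates how likely a PIN is to be guessed within the 5 attempts allowed before the lock, and derives the smallest minimum length that keeps that likelihood under a chosen target for a given number of enrolled users. It assumes uniformly random PINs (user-chosen PINs are more predictable, so these are best-case figures) and that no further guesses are possible once an account is locked; all function names are hypothetical.

```python
import math
from fractions import Fraction

MAX_ATTEMPTS = 5          # from the page: reset with PIN locks after 5 failed attempts
MIN_LEN, MAX_LEN = 4, 32  # from the page: bounds of the PIN length


def guess_probability(pin_length: int, attempts: int = MAX_ATTEMPTS) -> Fraction:
    """Chance that `attempts` distinct guesses hit one uniformly random PIN."""
    if not MIN_LEN <= pin_length <= MAX_LEN:
        raise ValueError(f"PIN length must be between {MIN_LEN} and {MAX_LEN}")
    space = 10 ** pin_length  # allowed characters are the digits 0-9
    return Fraction(min(attempts, space), space)


def tenant_exposure(pin_length: int, enrolled_users: int) -> float:
    """Chance that at least one of `enrolled_users` PINs is guessed before its lock.

    Assumption (not from the page): PINs are independent and uniformly random.
    """
    p = float(guess_probability(pin_length))
    # 1 - (1 - p)^n, computed with log1p/expm1 to stay accurate for tiny p.
    return -math.expm1(enrolled_users * math.log1p(-p))


def minimum_length_for(enrolled_users: int, max_exposure: float) -> int:
    """Smallest Min Length setting that keeps tenant exposure at or below the target."""
    for length in range(MIN_LEN, MAX_LEN + 1):
        if tenant_exposure(length, enrolled_users) <= max_exposure:
            return length
    raise ValueError("no PIN length within the allowed range meets the target")


if __name__ == "__main__":
    users = 10_000  # constructed sample tenant size
    for length in (4, 6, 8, 10):
        print(f"min length {length:2d}: per-user {float(guess_probability(length)):.1e}, "
              f"tenant-wide {tenant_exposure(length, users):.4f}")
    print("min length for <=0.1% tenant-wide exposure:",
          minimum_length_for(users, 0.001))
```

Restricting Target Users to specific groups or to users without email lowers the enrolled-user count, which reduces tenant-wide exposure in the same way a longer minimum length does.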

To configure the PIN code option in the administration console, follow this procedure:

Procedure

  1. Sign in to the administration console for SAP Cloud Identity Services.

  2. Under Applications and Resources, choose the Tenant Settings tile.

    At the top of the page, you can view the administrative and license relevant information of the tenant.

  3. Under Authentication, choose the Password Recovery list item.

  4. Select the PIN Code tab.

  5. Under Target Users, choose which users can reset passwords with a PIN code:

    • None - default choice

      Note:

      If selected, the PIN code configurations in the administration console are disabled.

    • Users without email

    • All users

    • Specific groups

      Note:

      When you select this option, you must specify the group or groups for which you enable password recovery via PIN code.

  6. Under Settings, choose the minimum required length of the PIN code.

  7. Optional: Select the Show "Setup later" check box.

    When selected, the end users see the option to set up the PIN code later.

  8. Optional: Select the Show "Don't ask again" check box.

    When selected, the end users see the option to hide the prompt to set up their PIN code.

  9. Save your configuration.

Related Information

Tenant SAML 2.0 Configuration

Tenant OpenID Connect Configurations

Change Tenant Texts Via Administration Console

Configure Master Data Texts Via Administration Console

Configure Links Section on Sign-In Screen

Add Instructions Section on Sign-In Screen

Configure X.509 Client Certificates for User Authentication

Configure Tenant Images

Configure Allowed Logon Identifiers

Configure User Identifier Attributes

Configure Trust this browser Option

Enable Back-Up Channels to Send Passcode for Deactivation of TOTP Two-Factor Authentication Devices

Enable Users to Recover Password with Security Questions

Configure Initial Password and Email Link Validity

Configure Session Timeout

Configure Trusted Domains

Use Custom Domain in Identity Authentication

Change a Tenant's Display Name

Configure Default Risk-Based Authentication for All Applications in the Tenant

Configure Sinch Service in Administration Console

Configure RADIUS Server Settings (Beta)

Configure Mail Server for Application Processes

Configure IdP-Initiated SSO

Send Security Alert Emails

Send System Notifications via Emails

Configure Customer-Controlled Encryption Keys in Administration Console (Restricted Availability)

Configure Default Language for End User Screens

Configure P-User Next Index

Reuse SAP Cloud Identity Services Tenants for Different Customer IDs