There are two main options for authenticating users for password reset (and account unlock) requests:
For the first option, there are multiple authentication methods available. These include both internal (SailPoint) and external methods. For more information, refer to Setting Password Reset and User Unlock Methods.
In addition, for the first option, two-factor authentication (2FA) can be configured. For more information, refer to Enabling Two-Factor Authentication.
For the second option, if a user tries to reset their password (or unlock their account), they will be directed to their external IDP to authenticate. After the IDP verifies their identity, they are sent back to IdentityNow to reset their password (or unlock their account). For more information, refer to Using External Authentication for Password Resets and Account Unlocks.