PingAM 8.0.0

Configure user self-service

The following table summarizes the high-level tasks required to configure the user self-service features:

Task Resources

Create encryption and signing keys

The user self-service features require a key pair for encryption and a signing secret key. Create one of each for each instance of user self-service you plan to configure.

Configure a user self-service instance

Each realm requires its own instance.

Configure user self-service security

Configure at least one security method for each feature:

  • Configure the email service to send an email to users who are registering, resetting their passwords, or users who have forgotten their username.

  • Configure knowledge-based questions that users must answer to reset their passwords.

  • Configure Google reCAPCHA to protect user self-service features from bots.

Configure user self-service features

Configure the features that your environment requires.

Create a user self-service instance

  1. In the AM admin UI, go to Realms > Realm Name > Services and select Add a Service.

  2. Select User Self-Service from the list of possible services.

  3. Populate the values of the Encryption Key Pair Alias and the Signing Secret Key Alias properties with the names of the key pair aliases in your JCEKS keystore.

    By default, the demo keys are displayed in grey. This does not mean the fields have values.

    For example, if you are using the demo keys in the default keystore.jceks file, set the properties as follows:

    • Encryption Key Pair Alias to selfserviceenctest.

    • Signing Secret Key Alias to selfservicesigntest.

      The demo key aliases are for test or evaluation purposes. Don’t use them in production environments. Read Create self-service key aliases to create new key aliases.

  4. Enable each of the user self-service features you require.

  5. Select Create.

  6. On the User Self-Service page, configure each feature as described in the sections that follow.