SSPR does not honor NMAS setting to email password to user

  • 7014711
  • 06-Mar-2014
  • 07-Mar-2014


Forgotten password module
eDirectory 8.8
SSPR configured to use NMAS 


Users are forced to change password after successfully answering challenge questions in forgotten password module.
This is the behavior even if  SSPR is configured to use NMAS, and NMAS is configured to email the forgotten password to users. Since NMAS was configured to email password, the expectation was that users would be emailed a password  by SSPR. This does not happen.


This is working as designed. Enhancement request has been entered.  

Workaround:  Configure SSPR to send a password to the user via email.  In the SSPR configuratoin manager, on the Modules, Forgotten Password page is an option called "Forgotten Password Success Action.   This can be set to email a new password to the user, as opposed to allowing the user to create a new password. 


Reported to Engineering

Additional Information

SecureLogin reads and uses the NMAS Universal Password settings, but not the NMAS Forgotten Password settings.
See the screenshot below from iManager of an NMAS password policy.