[midPoint] Initial credential distribution and password reset

[Robert Spellman]

We are an educational institution looking at replacing our IDM solution.
Every summer, we need to be able to provision hundreds of user accounts for
new faculty and students, and provide them the ability to login the first
time and set up their credentials.  We assign each user their username and
email address, which is automatically generated based upon a combination of
first and last name.

I have a test implementation of midPoint running, with three resources
defined.  The first resource pulls in data from a csv file, which mimics
our Ellucian Banner system, which is the source of a majority of our user
attributes.  Importing this resource generates username and email address,
and automatically assigns a role, which begins the process of provisioning
accounts within the other two resources, Google (for email) and Active
Directory.

I have a few questions:


   1. How do others handle distribution of the credentials to allow new
   users to login to midPoint to set their password?  In our current IDM, we
   assign a one time password which is pre expired, and can only be used to
   login to the IDM and allow them to enter a new password.
   2. How do others handle the situation where a user has forgotten their
   password?  I've seen the old and new password reset configuration pages
   within the wiki.  I'm hoping someone has some other thoughts on how to do
   this.

For most users, we do have an additional email address for them, which we
could use as the email accounts which we send their password reset link.

Robert Spellman
*Associate Director for Network Services*
Information and Library Services
Bates College
p: 207-786-6422
a: 110 Russell Street, Lewiston, ME 04240
w: www.bates.edu  e: rspellman at bates.edu <rspellmann at bates.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200416/8eabf357/attachment.htm>