Community
Select to view content in your preferred language

Disable password reset functionality

1611
3
08-04-2021 09:02 PM
AngusHooper1
by
Frequent Contributor
‎08-04-2021 09:02 PM

ArcGIS Enterprise Portal allows you to set showForgotUsername: false in the config.js and it also allows you to disable the ability for users to create built-in accounts via the portal organisation settings page. What is missing is the ability to disable the "forgot password" interface. Using this interface allows someone to confirm/deny the existence of accounts within the identity store even if that identity is within the built-in store or a 3rd party identity store (e.g. ldap).

Is there a mechanism for disabling the ability to reset a password for an account in Portal?

3 Replies
STINGERSIG_EDF-DPI
by
New Contributor
‎07-06-2022 07:45 AM

this deserves an answer, when using LDAP only, forgotten password requests get sent to ESRI, that's nonsense

YatharthSah
by
Emerging Contributor
‎04-11-2023 09:04 PM

Yes possible.
<Installation Directory>\webapps\arcgis#home

 

Rename the troubleshoot.html file to troubleshoot_old.html file.

It will disable Forgot password functionality

RandallWilliams
by Esri Regular Contributor
Esri Regular Contributor
‎01-26-2024 11:59 AM

This work around is a hack and does nothing to change the back end API. It just obfuscates the troubleshoot.html page. Please log an enhancement with support to block this capability if you're using IWA OR if you're only allowing organization-specific logins.