Password reset overview

BMC AMI Security Self Service Password Reset (SSPR) allows users to securely reset a forgotten mainframe password or passphrase without contacting security administration or helpdesk. You can also configure the product to allow users with a valid current password or passphrase to unlock their user ID if it is revoked.

CA Top Secret support is added for (SPE2107).

CA ACF2 support is added for (SPE2204).

SSPR provides the following features and functionality:

  • You can restrict the features to a subset of end users, or you can enable all end users.
  • After you install and configure the product in CA ACF2, RACF, or CA Top Secret, end users create a secure profile using their current mainframe user ID and password or passphrase. The profile contains a PIN number, security questions, and  reminder answers. The profile is encrypted and securely saved in the CA ACF2, RACF, or CA Top Secret database.
  • As an additional layer of authentication, SSPR can also send an email message with temporary access codes.
  • You can configure SSPR with minimal authentication, which allows end users to reset their password or passphrase from an emailed access code. In this way, each end user does not need to create a secure profile.
  • After the initial configuration, and depending on the number of authentication layers that you configured, you can require end users to enter the PIN number and answer security questions to reset their password or passphrase. The reminder security questions provide hints to the previously saved answers. You can also require end users to enter a unique access code that is sent to their registered email address.
  • In environments with multiple CA ACF2, RACF, or CA Top Secret databases, you can configure SSPR to enable end users to create their profile on multiple CA ACF2, RACF, or CA Top Secret databases simultaneously. Similarly, if end users forget their password or phrase, they can reset it on these systems simultaneously.

All SSPR activity is fully audited in the RSS Audit Log and optionally written to SMF records.

Related topic

Getting-started

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*