Getting started with ForgeRock Identity Cloud journeys: Part 6 - Reset Password journey

This is Part 6 of 8 in the series Getting started with ForgeRock Identity Cloud journeys.

Reset Password journey ~ 10 minutes

The Reset Password journey supports a self-service option to let users reset their own passwords.

Configuring a realm user with a valid email address

  1. In a supported browser, log into your Identity Cloud Admin UI.

  2. In the alpha realm, go to Identities > Manage, and choose a user to perform the Reset Password journey. In this example, we are using ‘fruser2’ (created in Part 2 - Multi-Factor Authentication (MFA) journeys).

  3. Set the user’s Email Address attribute to an active email address.

  4. Go to Journeys > ResetPassword and click on the journey image to view/edit the journey.

  5. Click on the Attribute Collector node in the Page Node to view the node properties. Notice the mail attribute in the node properties.

  6. Click on the Identify Existing User node and notice that the mail attribute is being used as the Identity Attribute to identify an existing Identity Cloud user.


  7. Click on the Email Suspend Node, which generates and sends an email to the user as per the Email Suspend Message.

    On reaching this node, the authentication pauses until the user clicks on the URL received in the email. The URL has the required information to resume the journey from where it was suspended.

  8. Click Save and ← Journeys to go back to the home page.

  9. On the side menu, click on Email to look at both the template and the default Email provider configurations.

    When the user clicks on the URL received from the Email Suspend Node, the journey prompts the user for a new password using the Platform Password node, then uses the Patch Object node to update the user profile with the new password supplied.

Testing the ResetPassword journey

  1. Go back to the list of journeys in the alpha realm, click on the ResetPassword journey and copy the preview URL.

  2. Open the ResetPassword journey preview URL in a browser different from the one that has an active Identity Cloud admin session.

    The user is prompted for an email address. Use the active email address configured in the earlier step and click Next.

  3. Look for an email from ForgeRock Identity Cloud Team in the inbox of the email account provided. Check the spam/junk folder if it is not in the inbox. Mark the email as safe, if required.

    Click on the ‘Password reset link’ in the email.

  4. Enter a new password that satisfies the password requirements and click Next.

    The user lands on the Identity Cloud end user dashboard page.

  5. Sign out of the end user dashboard.

Further reading

Other guides in the Getting started with ForgeRock Identity Cloud journeys series: