IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

Cloud Identity Admin Password : A Journey of Self Recovery

By Rajeev Kumar posted Fri October 25, 2019 12:48 PM

  

Resetting Password and Re-enabling an account are two of the most popular incidents/requests being raised to Operations team in Software management. The statistics have shown exponential increase in the incident count with new password policy that requires minimum 16 bit long password in-addition to more complex rules to keep it secured.  

Currently, in Cloud Identity, if a user forgets his password or his accounts gets disabled, he has to resort to the only solution that goes via his account administrator.  

However, what would happen, when the Super Admin himself have forgotten his password? Specifically, for a product hosted on cloud! In usual cases, it could lead to a lengthy remediation process that starts from sending email to the concerned authority. However, this is not the case any more in Cloud Identity. 

I have shared a self-recovery with detailed steps and demo video for a Super Admin to be self-sufficient in recovering his forgotten password or accidentally disabled account on Cloud Identity. 

Introduction  

Managing Cloud Identity infrastructure, applications and users is complex. To achieve this, the system must be available all the time. For an Administrator, losing access to system due to forgotten password or accidental account lockout could result into major crisis, which could further lead to business losses for organization. 

In Cloud Identity, we can term it as Auto-Remediation of locked account or forgotten password, which is not a myth anymore. As, following steps demonstrate the possible way to  self remediate without raising tickets and waiting for hours. 

Journey of Self Recovery  

Pre-requisite: 

It’s a one-time operation and a lifetime insurance: Create API Client and with all grant access and have Client ID and secret stored with you. 

Remediation Step: 

Execute the API’s to reset the password. 

Execute the API’s to create the user and assign to admin group , if user info is lost. 

Execute the API’s to Enable the Admin User if its is disabled. 

 

Scenario  


 

Sample Script: 

https://ibm.box.com/s/f8wq9rbkqfwet81ldtsq0xa3y5ohln8c 

0 comments
7 views

Permalink

https://community.ibm.com/community/user/blogs/rajeev-kumar1/2019/10/25/cloud-identity-admin-password-a-journey-of-self-re