@@ -807,4 +807,80 @@ The admin can also disable 2FA for a User using the action button as shown below
807807 If the admin themself loses the authenticator application or forgets the static PIN, then the admin
808808 will have to either use apikey to disable 2FA using the API setupUserTwoFactorAuthentication with
809809 enable flag to false or to do the database changes in 'user' table by clearing the columns
810- 'is_user_2fa_enabled', 'key_for_2fa', 'user_2fa_provider' for the specific entry.
810+ 'is_user_2fa_enabled', 'key_for_2fa', 'user_2fa_provider' for the specific entry.
811+
812+ Password Recovery for Users (Forgot Password)
813+ ---------------------------------------------
814+
815+ CloudStack supports password recovery using email. To enable this feature,
816+ set global setting `user.password.reset.enabled ` to `true `. The following
817+ global settings are available to configure SMTP for password recovery.
818+
819+
820+ .. list-table :: Password Recovery Global Settings
821+ :header-rows: 1
822+
823+ * - Global setting
824+ - Default
825+ - Description
826+ * - ``user.password.reset.enabled ``
827+ - `false `
828+ - Determines whether password recovery via email is enabled or not.
829+ * - ``user.password.reset.ttl ``
830+ - `30 `
831+ - TTL in minutes for the token generated to reset the ACS user's password.
832+ * - ``user.password.reset.email.sender ``
833+ - `null `
834+ - Sender for emails sent to the user to reset ACS user's password
835+ * - ``user.password.reset.smtp.host ``
836+ - `null `
837+ - Host for SMTP server
838+ * - ``user.password.reset.smtp.port ``
839+ - `25 `
840+ - Port for SMTP server
841+ * - ``user.password.reset.smtp.useAuth ``
842+ - `false `
843+ - Use auth in the SMTP server
844+ * - ``user.password.reset.smtp.username ``
845+ - `null `
846+ - Username for SMTP server
847+ * - ``user.password.reset.smtp.password ``
848+ - `null `
849+ - Password for SMTP Server
850+ * - ``user.password.reset.mail.template ``
851+ - `Hello {{username}}! `
852+
853+ `You have requested to reset your password. Please click the following link to reset your password:``
854+
855+ `http://{{{resetLink}}} `
856+
857+ `If you did not request a password reset, please ignore this email. `
858+
859+
860+ `Regards, `
861+
862+ `The CloudStack Team `
863+ - Template of mail sent to the user to reset ACS user's password. This uses
864+ mustache template engine. Available variables are: `username `,
865+ `firstName `, `lastName `, `resetLink `, `token `.
866+
867+
868+ Once the global settings are configured, follow the below steps to reset the
869+ password for a user:
870+
871+ #. Open the "Forgot Password" link on the login page.
872+
873+ .. figure :: /_static/images/default-login.png
874+ :align: center
875+
876+ #. Enter your username and domain name and click on "Submit".
877+
878+ .. figure :: /_static/images/forgot-password.png
879+ :align: center
880+
881+ #. An email will be sent to the User with a link to reset the password.
882+
883+ #. Open the link in the email and set the new password.
884+
885+ .. figure :: /_static/images/reset-password.png
886+ :align: center
0 commit comments