Password Reset Endpoints
Password Reset Endpoints define profiles for Mideye Server’s self-service assisted password reset portal. Each profile generates a public URL where end users can initiate a password reset, receive approver validation, and set a new password — all without administrator intervention.
Navigate to External Endpoints → Password Reset Endpoints to manage profiles. Requires the Administrator role or above.
Profile List
The list view displays all configured password reset profiles.
| Column | Description |
|---|---|
| Name | Profile name. Default sort column (ascending). |
| Assisted Login profile | The associated assisted login profile. Rendered as a clickable link to the profile editor for administrators. |
| Password Reset Portal URL | The full public URL for the self-service portal (/password-reset/{id}). Includes a copy-to-clipboard button. |
| Action | Edit and Delete buttons (administrator only). |
Profile Editor
The editor uses a three-tab form.
General Settings Tab
| Field | Description | Default | Validation |
|---|---|---|---|
| Name | Unique profile name. Validated asynchronously for uniqueness. | — | Required. Max 255 characters. |
| reCAPTCHA site key | Google reCAPTCHA v2/v3 site key for bot protection on the public portal. | — | Optional. |
| reCAPTCHA secret key | Corresponding reCAPTCHA secret key for server-side verification. | — | Optional. |
| Password change help text | Instructions displayed to the user on the password change page. | Set your new password | Required. |
| Client name for logs | Name recorded in authentication and accounting logs for password reset events. | Password reset | Required. |
| OTP limit per minute | Maximum number of one-time passwords that can be sent per minute per session. | 5 | Required. 1–60. |
| OTP limit per hour | Maximum number of one-time passwords that can be sent per hour per session. | 30 | Required. 1–3600. |
| Permits per second | Global rate limit for API requests to this profile’s portal endpoint. | 100 | Required. 1–1000. |
Account and Assisted Login Settings Tab
Configures the user repositories and approver workflow for this profile.
| Field | Description | Default | Validation |
|---|---|---|---|
| Assisted Login profile | The assisted login profile that defines approvers and approval rules. | — | Required. |
| Use Mideye database | When enabled, searches the local Mideye user database for the resetting user. | Disabled | — |
| LDAP Profiles | Select one or more LDAP profiles as user repositories for locating the user account. | None | — |
The assisted login profile is mandatory — password reset requires an approver to validate the user’s identity before the password change is permitted.
Session Settings Tab
Controls the authentication flow behavior for the approver interaction.
| Field | Description | Default | Validation |
|---|---|---|---|
| Mideye+ Touch title | Title displayed in the Mideye+ push notification sent to the approver. | Approve the assisted password reset request | Required. |
| Mideye+ Touch display text template | Message body in the push notification. Use %s as a placeholder for the username. | User [%s] has requested approval to reset their password | Required. |
| Non-plus approvers SMS | SMS text sent to approvers who do not have the Mideye+ app activated. | To approve a password reset request, activate the Mideye+ app. | Required. |
| Session timeout in minutes | Maximum duration of a password reset session before it expires. | 10 | Required. 1–1440 (24 hours). |
| OTP length | Number of digits in the one-time password sent to the user. | 8 | Required. 6–10. |
| Touch delivery timeout in seconds | Maximum time to wait for the Mideye+ push notification to be delivered to the approver’s device. | 10 | Required. 1–600. |
| Touch approver response timeout in seconds | Maximum time the approver has to respond to the push notification. | 30 | Required. 1–30. |
Password Reset Workflow
The public portal at /password-reset/{profileId} guides end users through a multi-step workflow:
- Start — the user enters their username. If reCAPTCHA is configured, they must complete the challenge. The system locates the user in the configured repositories.
- OTP verification — a one-time password is sent to the user’s registered phone number. The user enters the OTP to verify their identity.
- Approver validation — a push notification or SMS is sent to an authorized approver defined in the associated assisted login profile. The approver must approve the request.
- Password change — once approved, the user sets a new password.
Rate limiting is enforced per profile using the configured OTP limits and permits-per-second values.
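The following is an added illustration, not Mideye Server code: a sliding-window model of the two per-session OTP send limits, using the documented defaults and validation ranges, to show which limit binds in practice. The window algorithm and the names `OtpSendLimiter` and `simulate` are assumptions; the page does not describe how the server counts its windows.

```python
from collections import deque

# Documented validation ranges for the two OTP fields (General Settings tab).
RANGES = {"otp_per_minute": (1, 60), "otp_per_hour": (1, 3600)}


class OtpSendLimiter:
    """Sliding-window model of the per-session OTP send limits.

    Assumption: the page does not say how Mideye Server counts its windows;
    a sliding window is used here purely for illustration.
    """

    def __init__(self, otp_per_minute=5, otp_per_hour=30):  # documented defaults
        for name, value in (("otp_per_minute", otp_per_minute),
                            ("otp_per_hour", otp_per_hour)):
            low, high = RANGES[name]
            if not low <= value <= high:
                raise ValueError(f"{name}={value} outside documented range {low}-{high}")
        self.windows = ((60, otp_per_minute), (3600, otp_per_hour))
        self.sent = {}  # session id -> deque of send timestamps (seconds)

    def allow(self, session_id, now):
        """Return True and record the send if both windows have room."""
        stamps = self.sent.setdefault(session_id, deque())
        while stamps and now - stamps[0] >= 3600:
            stamps.popleft()  # older than the longest window
        for seconds, limit in self.windows:
            recent = sum(1 for t in stamps if now - t < seconds)
            if recent >= limit:
                return False
        stamps.append(now)
        return True


def simulate(limiter, session_id, duration_s, interval_s):
    """Constructed workload: one OTP request every interval_s seconds."""
    return sum(limiter.allow(session_id, t) for t in range(0, duration_s, interval_s))
```

Under this model and the default values, a session that requests an OTP every second for the full 10-minute session timeout gets 30 sends, so the hourly limit rather than the per-minute limit bounds the SMS volume per session.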
Permissions
| Action | Required Role |
|---|---|
| View profiles | Operator or above |
| Create, edit, or delete profiles | Administrator or above |
| Access public portal | Unauthenticated (rate-limited) |