Authentik - Password Recovery Flow Setup

Captions
Hey, what's up guys, and welcome back. So you have your authentik instance up and running and maybe thought to yourself, "Gee, I wish my users can service themselves and recover their own passwords with email." Well, keep watching and I'll show you how to set up that flow. As you can see on the page, there isn't a link anywhere to click on to recover your password. This video assumes that you have your email environmental variables in your Docker Compose file, or better yet, they're referenced in your Docker Compose file from your env file.

Let's get started. First, let me log in with my username, and you notice how the password field is actually on the second page. Later in the video I'll show you how to deal with this.

Okay, now that we're in, go ahead and click your admin interface. The first thing I would like to set up is a password policy, so I'll go ahead and click on Customization and Policies and Create, and I'll choose a password policy and click Next. In the name field I'm just going to name this password complexity, and for minimum length I will choose 12 characters, and I'll make all these other requirements one; that's just my preference. Next you want to go ahead and enter an error message for if the complexity is not met. If you look under advanced settings you'll see the symbol character set, which are considered symbols, but we don't need to do anything here, and click Finish.

Next we want to create our stages, so click on Flow and Stages and click on Stages. We're actually going to create two stages. The first stage we're going to create is an identification stage, so go ahead and click Create and click on Identification Stage and click Next. For this I'll name it recovery authentication identification, and the user fields I want available will be a username and email. We don't need to mess with anything else in here; go ahead and click on Finish.

The next stage we'll create is an email recovery, so click on Create, click on Email Stage and click on Next. I will name this recovery email. Go ahead and scroll down; for subject I will put in password recovery, and for template as password reset, and click on Finish.

Next we want to create our recovery flow, so go ahead and click on Flow and Create. I will name this recovery, I will title it recovery, and my slug will also be recovery. For designation I will choose Recovery and click Create.

Now we want to click on the recovery we just created and click on Stage Bindings. We then want to click on Bind Stage. For stage, I'm going to go ahead and click the recovery authentication identification I created earlier. For the order I'll keep it at zero, but I will increment each of my stage bindings by 10 to make it easier to insert a stage in between if I need to later, and click Create. Click on Bind Stage again; for stage, click recovery email, change my order to 10 and click Create. Click Bind Stage once more, click the default password change prompt, increment your order one more, click Create. And finally, click Bind Stage for the last time; for stage, go ahead and scroll down to user write stage and go ahead and choose the default password change write, increment your order again and click Create.

Now that we have all our stages bound, I'm going to want to go ahead and click on the default password change prompt and edit that stage, and under validation policies I'm going to go ahead and scroll down and choose the password complexity I created earlier and click Update.

Now let's go ahead and go back to the main flows page and click the default authentication flow and click on Stage Bindings. Okay, now under Stage Bindings, for the default authentication identification, click Edit Stage. Right here where it says password stage, choose default authentication password. As you can see, it says, "When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks," and we definitely want to limit any kind of attacks on whatever we're protecting. Go ahead and scroll down and expand Flow Settings, scroll down some more, and for recovery flow go ahead and choose recovery and click on Update.

Remember in the beginning when we had the password field on the second page? Well, we're going to go ahead and delete that, since we now will have it on the first page. Go ahead and click on Delete, and everything should be set.

Now let's go ahead and log out and test it. As you can see, the email or username and password fields are all on the same page, and we now have this "Forgot username or password" link down at the bottom, so let's go ahead and test that out. Now we get this recovery field. We'll go ahead and put our username in and click Login, and now recovery has sent our inbox a verification email. So let's go ahead and check our email, and as you can see, we received a password recovery email. Go ahead and click on that, and now all your user will need to do is click the reset password link. Clicking on the link brings us back to authentik, where a new password can be set.

First, let's test our password complexity policy and see if that works. Now, as you can see from the error message that we configured earlier, our password policy does in fact work. Now let's go ahead and enter a valid password and log in. Changing the password leads me back to the initial login screen, so let's go ahead and log in, and now I'll enter the new password that I entered. The password updated successfully and I am in my authentik dashboard.

I hope this video helps anyone trying to configure password recovery via email, but if you have any questions, please feel free to leave them down in the comments below, and go ahead and hit that like button and subscribe. I'll see you in the next video. Once again, thanks for watching.
Info
Channel: Cooptonian
Views: 4,364
Id: NKJkYz0BIlA
Length: 9min 6sec (546 seconds)
Published: Thu Aug 04 2022