Changing password with MFA/OTP
Hello all,
I've included an excerpt from somebody's previous question on this topic here, for the purpose of searching and future use by people coming across the same problem:
Change password with MFA/OTP | Support Center (pega.com)
"After upgrading to Pega 8, whenever a user's password becomes expired the next time they log in they are redirected to the change password screen. The user is sent the OTP. Once they submit the OTP, they then see a screen with the Pega logo and the text Security policies required that you change your password. See attached screenshot. This is where the user would input their new password and confirm it but these fields are not visible. I did see a support article on the topic. I followed the steps to resolve but it still isn't fixed. I checked the visibility condition on this part of the section and another set of conditions were added (looking for either pyChangePassword or pyChangePasswordOnNextLogin to be true). These properties are both false. Anyone else experience this? Is there a fix included in an upcoming patch? Anyone have any suggestions on how to resolve this?"
--
When configuring a new access group, which was largely based off the same Access Roles of existing access groups, I was unable to log in with a new operator ID when MFA was enabled. Instead of offering the change password screen immediately following the provision of the one-time password, an empty screen was displayed and from debugging it was clear that I was still on the Change Password screen (looking at the HTML in the DOM, seeing the pzChangePasswordWithMFA section being referenced).
It transpires that the customisation of our Access Role to Objects, using conditional access, was causing an authorisation failure and Pega was stopping the user from opening their own Operator ID record. Because the Operator ID record could not be opened, the pyOperPage.pyChangePassword and pyOperPage.pyChangePasswordOnNextLogin values were not set and the conditions for displaying the necessary sections were therefore not met.
In my case it was simply a case of reviewing the Data-Admin-Operator-ID AROs and ensuring the user could open its own operator ID.
This has been raised as a question for the purpose of future searches by others who come across the same situation - as a search for the key terms and properties named here was not fruitful for me.
Hope this helps!
Ben