Setting Up Self-Service Password Reset in JD Edwards EnterpriseOne

The Self-Service Password Reset capability available in JD Edwards EnterpriseOne allows users to reset their passwords without having to get an administrator involved. This allows users to avoid the downtime of waiting for an administrator and allows administrators to continue working on their tasks rather than stopping to reset a user’s password. With the ability to reset their own passwords, users can get back into EnterpriseOne and working more quickly. Self-Service Password Reset was first implemented in EnterpriseOne Tools Release 9.2.7 and that Tools Release is the minimum version needed for this capability to work.

JDE login screen

The process that EnterpriseOne goes through for Self-Service Password Reset follows this structure:

  • The user selects to reset their password on the login screen.
  • The user enters their User ID and hits the button to reset their password.
  • EnterpriseOne sends an email to the user with a link to an EnterpriseOne HTML login page that will allow them to enter and confirm a new password.
  • Once the new password is entered, the user selects the environment to log in to and they are back in and able to work.

But there are a couple things that need to be set up to activate this capability. These prerequisites need to be configured and tested successfully before Self-Service Password Reset will work.

  • Each user needs to have an Address Book number.
  • Each Address Book number needs to have a Who’s Who email address set up, mapping the User ID to each person’s individual email address.
  • The Enterprise/Logic Server needs to have email configured and working.
  • The HTML servers need to have a default environment listed.
  • EnterpriseOne needs to be on Tools Release 9.2.7+

The Oracle documentation for this setup can be found in the Security Administration guide found on Oracle’s documentation site: https://docs.oracle.com/en/applications/jd-edwards/administration/9.2.x/eotsc/security-administration-guide.pdf

PREREQUISITES

Each user needs to have an Address Book number.

  • Use P0092 and/or P0092L to add an Address Book number to each user:

JDE address book screen.

Each Address Book number needs to have a Who’s Who email address setup, mapping the User ID to each person’s individual email address.

  • Use P01012, find the Address Number for the user to be set up.
  • Select Row | Who’s Who

JDE screen, who's who field.

  • Select the user.
  • Select Row | Email / Internet

JD Edwards screen, email row.

  • Add an email address for this user and select the OK check mark.

JD Edwards screen, email address field.

The Enterprise/Logic Server needs to have email configured and working.

  • Log into Server Manager Console and open the Enterprise/Logic server that needs email setup.
  • On the left, under Configuration, change the view to Advanced and select Miscellaneous.

JDE Server Manager screen.

  • In Miscellaneous, look for E-Mail Configuration. Check the settings and verify they are all correct.

JDE Service Manager screen, email configuration.

There are a couple ways to test that email is working from this server.

1. Server Manager Console will most likely be set up with the same email configuration as the Enterprise/Logic server. Go to Server Activity, under E-Mail Configuration and you will see SMTP Settings. Enter the test email address and hit the Test button to see if an email is sent. Make sure to check your Junk folder in case it goes there instead of the Inbox.

JD Edwards Server Manager console.

2. You can also test if email is working from command line. From a Windows Enterprise server, open a command window and type:

************

telnet mailserver.outlook.com 25
helo
mail from: [email protected]
rcpt to: [email protected]
data
Subject: Test email
This is a test.
.
************.

The dot at the end exits out of the email script and should queue the message for delivery.

Command line screen.

The HTML servers need to have a default environment listed.

  • Open the HTML server configuration in Server Manager Console.
  • Go to Configuration on the left and change the View to Advanced.
  • Select Web Runtime.
  • Verify the Default Environment is configured.

JD Edwards screen.

EnterpriseOne needs to be on Tools Release 9.2.7+ to take advantage of Self-Service Password Reset.

  • If Tools Release 9.2.7 has not been installed, install it following the Required Components documentation from Oracle’s Support site. This will require a full package to be built and deployed for the environment you will be testing.

CONFIGURATION FOR SELF-SERIVCE PASSWORD RESET

Now that the prerequisites are all set up and verified, you can enable Self-Service Password Reset in EnterpriseOne.

  • Open P98OWSEC, or if Long Passwords are enabled, P98LPSEC. The Long Password setup is not required to turn on Self-Service Passwords.
  • Select Form and Revise All to set Password Configuration settings for all users.

NOTE: Password Change Frequency can be set per user (using Row | Revise Security) but the Reset Password Configuration options will only show under Form | Revise All.

JD Edwards screen.

  • In the Security Detail Revisions screen, check the Frequency and Reset Password Options under Change. This will turn on Password Change Frequency (Frequency), Password Expiry Notify Time, Password Expiry Notification Interval, and Rest Password Link Active Time (Reset Password Options).

JDE Screenshot

  • Frequency:
    • Password Change Frequency is the maximum number of days between password changes. If the password is older than 90 days, like in this example, EnterpriseOne will require the password to be changed upon the next login for that user.
  • Reset Password Options:
    • Password Expiry Notify Time is the time of day, based on server time, that EnterpriseOne will send notifications to users for passwords that are about to expire.
    • Password Expiry Notification Interval is the number of days before the password expires that EnterpriseOne will send notifications. This can be set with multiple days, comma delimited. Therefore, 3,5,7,10 sets password notifications to be sent 3, 5, 7, and 10 days before the user’s password expires.
    • Reset Password Link Active Time is the number of minutes the password link that is sent via email will be active. After that time, the link expires.
    • NOTE: If these configuration settings are cleared out – set to blank – and the OK button is selected, Self-Service Password Reset will be turned off.

TESTING FOR SELF-SERIVCE PASSWORD RESET

  • On the EnterpriseOne login page, select the Reset Password link.

JDE screenshot

  • The screen will switch to include a Reset Password button. Type the User ID to be reset and hit the Reset Password button.

JD Edwards screenshot.

  • The message above the User ID will change to say an email has been sent.

JD Edwards screen.

  • Check your email for the message. NOTE: Check the junk email folder in case the message goes there.
  • The email should be similar to this with the subject reading “Request for JD Edwards EnterpriseOne password reset”:

Email screenshot.

  • Click on the link in the message. NOTE: You need to be in the domain or VPN’d into the domain for this link to work. It’s going to the EnterpriseOne URL – http://servername:port/jde/E1Menu.maf – which means the server name needs to be known and reachable from your browser.
  • Select the Proceed to Site button. NOTE: You may need to adjust Outlook and/or work with your network engineers to eliminate the warnings that this site might not be safe.

Link protection screen.

  • The link will take you to an EnterpriseOne login page to create a new password. Type in your new password twice – once to create it and once to confirm it – and then select Reset Password.

JD Edwards login.

  • An environment selection screen will come up and will show whether the user has one or multiple environments. Select an environment and hit OK.
  • Users with multiple environments assigned to them:

JDE screenshot

  • User with only one environment assigned to them:

JD Edwards screenshot.

  • When successfully logged in the user will see their normal default page:

JDE diagram

  • The user will then get an email showing the password reset was successful:

JDE email

EXTRA CONSIDERATIONS FOR SELF-SERIVCE PASSWORD RESET

Disabled Users

  • If the user is disabled, the Reset Password link will not work. This is the message that will be returned if the user is disabled. In this case, an administrator will need to enable the user before they can log in.

JDE sign in.

CONCLUSION

Self-Service Password Reset is helpful by allowing EnterpriseOne users to reset their own passwords, saving them time by not waiting for someone else to reset their password, and saving the administrator work that can be easily automated. It does require some setup but uses functionality that, for most customers, has already been configured. Once Tools Release 9.2.7+ has been installed and a full package built and deployed, a couple simple steps for configuration and verification can have Self-Service Password Reset up and running.