Recovery account

Account recovery allows users to request a reset of their master password if they have lost it.

There are 3 prerequisites:

The workflow is as follows:

  1. User requests master password reset
  2. Admin accepts reset
  3. User sets new master password

Enable account recovery

  1. Go to the Enterprise Vault admin app
  2. Go to Settings
  3. Enable the Authorize account recovery option
  4. Click the Save button

The length of time for which the request is valid can also be set here.
The default setting is 2 hours.

Add account recovery rights to a user

  1. Go to your WALLIX ONE IDaaS admin page
  2. Go to Users and select an existing user
  3. Click Edit then Add an attribute
  4. Provide the following attribute:
    name: recovery_account
    kind: bool
    value: true


When this user logs in to the Enterprise Vault user app, and if they are the first one with recovery rights (data or account), they will see the following message:

image.png

Recovery operations require specific encryption keys.
These are created when the first admin is authenticated.
Consequently, an admin who already has the keys must share them with each subsequent admin.

  1. Go to your Enterprise Vault user app as an admin who has the recovery key
  2. Go to Settings, then Recovery keys
  3. Click Activate access for the new admins

Workflow

User requests master password reset

If the "Start a password reset procedure" button is not displayed, possible causes are:
- The "recovery account" option is not enabled in the admin page
- No admin has the "recovery account" right
- The user has not logged in since the recovery account option was activated

Admin accepts reset

image.png

User sets new master password

image.png


Revision #11
Created 2 January 2025 15:34:44 by WALLIX Admin
Updated 6 January 2025 19:33:51 by WALLIX Admin