Recovery account

Account recovery allows users to request a reset of their master password if they have lost it.

There are 2 prerequisites:

• Account recovery must be enabled in the administration page
• At least one user must have account recovery rights.

The workflow will be as follows:

1. User requests master password reset
2. Admin accepts reset
3. User sets new master password

Enable Account recovery

1. Go to the admin Enterprise Vault app
2. Go to Settings 
3. Enable the line "Authorize account recovery"
4. Save

Add account recovery right to a user

1. Go to your WALLIX ONE IDaaS admin page
2. Go to Users and select a user
3. Click on Edit then Add an attribute
4. Provide the following attribute
   name: recovery_account
   kind: bool
   value: true
   

When this user will log in the User app, if he is the first one with recovery rights he will have the following message:

In fact, specific encryption keys are required to carry out recovery operations.
These are created when the first admin is authenticated.
Consequently, for subsequent admins, an admin who has the keys must share them.

1. Go to your User Enterprise Vault app with an admin who has the recovery key
2. Go to Settings, then Recovery keys
3. Click on Activate access for the new admins

Workflow

User requests master password reset

• The user click on "Start a password reset procedure"
  
  
  

If the button "Start a password reset procedure" is not displayed, causes can be:
- The "recovery account" option is not enabled in the admin page
- No admin has the right "recovery account"
- The user has not been logged in since the recovery account option was activated.

• Then he defines a reset code, which will be used later to complete the procedure
  
  

  

  
  

Admin

accepts reset

• The admin goes to his user Enterprise Vault app
• Then Recovery, an Approbation requests
• He can click on Approve or Dismiss