Self-Service Password Reset

This guide explains how to enable and use the self-service password reset feature for CMS users in the News Suite platform.

Enabling Self-Service Password Reset

To allow users to reset their own passwords, you must enable this feature in the Administration settings.

Once enabled, a “Forgot pass?” link will appear on the CMS login screen.

For the self-service password reset to function correctly for a specific user, the following requirements must be met:

Email Address: The user must have a valid email address associated with their account. This can be either their Login Name (if it’s an email) or the dedicated Email Address field.
Phone Number: The user must have a mobile phone number configured in their profile. The phone number must be in international format (e.g., +316xxxxxx).

To assist in collecting the necessary contact information, you can enable a campaign that prompts users to update their profile.

This will ask the backend users to fill their contact details every time they reload the CMS.

When a user initiates a password reset via the “Forgot pass?” link, the process follows these steps:

Email Verification: A verification code is sent to the user’s email address. The user must enter this code to proceed.
SMS Verification: If the email verification is successful, a second code is sent via SMS to the user’s registered mobile number.
Password Reset: After successfully entering the SMS code, the user will be prompted to set a new password.

To prevent abuse and ensure system security, there are strict rate limits applied to this feature:

Per-User Limits: Limits the number of reset attempts a single user account can make within a specific timeframe.
Per-IP Limits: Limits the number of reset requests originating from a single IP address.