I am currently stuck with a UX issue that I assume should be simple to resolve but I’m unsure how to fix it.
Problem: Password resets don’t create an easy UX for the customer to return to the login page, once the password reset link has been emailed.
Context: I have looked in ‘Branding > Universal Login > Advanced Options > Prompt: reset-password > Screen: reset-password-email’. This is where I would like a link to go ‘Back to Login’ but there doesn’t appear to be an option?
Hey there @dylan7 ! Hi @dig-kr ! Thanks for reaching out and describing your use case!
Hmm, I am not sure if that would be methodologically justified. When resetting a password, a link is sent via email; resetting the password is possible only via this URL.
From the security point of view, this password reset link can be available only once a user has proven their identity (by logging in to their email inbox and clicking the link). This reset password link should be available nowhere but in the user inbox (impostor protection).
If we would like to automatically attach a button with the password reset link within the screen you’ve shared, it means everyone who requested a password reset for a particular email could take over the password reset flow and as a result, take over the user account.
Please let me know your thoughts or let me know if I misunderstood your intention for the button you would like to see on the screen!
Thanks for your reply. Sorry, If I was unclear about my query, What I meant was as per the screenshot in the post, we would like to have a button to go back to login page. On the universal login customization screen, we see a “backButtonText” but there is no back button on the widget that gets shown after successful email is sent, as you can see in the below screenshot.
So just wanted to know if there is a way to show the back button on the success message widget.
Apologies for a wee bit of delay here - I am checking it further now and will update you soon.
(My tentative thought here is that the text customization from the screen shared in this post may happen only once the button is added to the screen - thus the question would be if/how to add buttons to the reset-password-screen)
Please let me know if specifying a default Login URI in your Application settings fixed that, if that’s not the case, we will be looking further into that!
That did look pretty promising, but no it has not resolved it. When I looked at those settings, I did not have any URI entered.
I added my app URL to the URI redirect field on all (4) of my apps. I saved changes, waited 5 minutes and hard refreshed my Chrome browser -but still no change
I would have to confirm it internally, but it looks like the ‘Back to Login’ button is rendered only under some specific conditions or is not rendered at all on the reset-password-screen. I will consult our engineering team to learn more and update you soon.
To not leave you empty-handed for the time being, let me please reiterate (I) how the flow looks like after setting the Application Login URI as well as (II) some suggestions on how to make the flow more friendly/clear for end users.
(I)
On the login page, the user clicks “Forgot password”,
The reset-password-request screen appears for the user, where they provide their email. Here they can choose to either process with the reset password flow or back to the regular login page to log in with an old password,
Once they provide and approve the email to receive the reset link, they will see the reset-password-email screen (at this stage there is no button to ‘Go back’ to the regular login page).
Once they click on the link received via email, they are shown with the password-reset screen to provide a new password,
After a successful password input they see the reset-password-success screen with the ‘Back to …’ button rendered to log in with new credentials:
Hey there @dylan7, @dig-kr - I got the confirmation that the button has never been available on the reset-password-email screen as it comes after the end-user confirms the wish to reset the password. Please feel free to create a feature request here. In the meantime, I can advise making the description text of the screen as accurate as possible making it difficult for end users to get lost during the flow
When resetting a password, a link is sent via email; resetting the password is possible only via this URL.
