I assume you are using the new Universal Login experience? The short answer is that it depends on how you are generating the password reset email - If you are using the change password endpoint of the Authentication API, then you will need to make sure both that the Application Login URI is set for the relevant application and that the client_id is included in the request. The following FAQ goes over this scenario as well as others: