Hey folks,
I have a requirement where passwords need to expire every 90 days. I know you can create a rule to check the last password set date and deny the login, but is it possible to redirect the user to the hosted password reset page instead?
Hi @zperry
This is off the top of my head, and I am not sure about the security, but L
You can use a redirect rule, and generate the password redirect ticket to use as the redirect target of the rule.
I think that is okay, but please evaulate it carefully. The user logs in, trigger the rule because of an expired password, and is directed to the password change page.
I’m not sure how to /continue, either include the /continue as the next step in the ticket or an additional param to the reset page?
John