Reset a user's password.

patch https://{tenanturl}/v2.0/Users/{id}/passwordResetter

Entitlement required: manageUserGroups (Manage users and groups), or manageAllUserGroups (Synchronize users and groups), or manageUserStandardGroups (Manage users and standard groups), or updateAnyUser (Update any user), or resetPasswordAnyUser (Reset password of any user), or manageUsers (Manage all users), or manageUsersInStandardGroups (Manage users in standard groups).
Note: You only need one entitlement, but you can have more than one.

When the password is reset, a notification is optionally sent to the user to indicate that a password reset was performed. The notification also includes the new temporary password for the user to log in to the system. When the user logs in, the user is prompted to change the password.

Passwords cannot be reset for federated users.

By default, the notification is sent by email, but this delivery selection can be overridden by the notifyType value in the notifications object.The email templates for branding are at "notifications/user_management/login/{locale}/user_password_reset_email.xml" and "notifications/user_management/login/{locale}/user_password_reset_not_show_email.xml". Pass in the themeId query parameter to brand the email templates for notifications. To turn off email notifications, send the notifications option "urn:ietf:params:scim:schemas:extension:ibm:2.0:Notification": {"notifyType":"NONE"} in the payload.

The password can be specified or auto-generated. For an auto-generated password, a notification is sent by email and cannot be overridden by the notifyType attribute. The notifyPassword value in the ResetPasswordOperationValue is ignored and the user's reset password is always included in a notification.

If custom password intelligence warning is enabled and a password is provided that is listed in it, the 204 response includes the header 'isv-dictionary-policy' with the value: 'WARNLOCAL'.
If X-Force password intelligence warning is enabled and a password is provided that is listed in it, the 204 response includes the header 'isv-dictionary-policy' with the value: 'WARNGLOBAL'.
If custom password intelligence prevention is enabled and a password is provided that is listed in it, the 400 response can include the header 'isv-dictionary-policy' with the value: 'ENFORCELOCAL'. The corresponding error status is 'PWD_IN_DICTIONARY'.
If X-Force password intelligence prevention is enabled and a password is provided that is listed in it, the 400 response can include the header 'isv-dictionary-policy' with the value: 'ENFORCEGLOBAL'. The corresponding error status is 'PWD_IN_GLOBAL_DICTIONARY'.

Path Params

string

required

The identifier of the user.

Query Params

themeId

string

The identifier of the theme that you want to apply.

Body Params

The body for the reset password patch operation.

schemas

array of strings

required

An array of strings that contain the URIs that indicate the namespaces of the SCIM schemas that define the attributes in the current JSON structure. The schema URI must be "urn:ietf:params:scim:api:messages:2.0:PatchOp" as required by the SCIM specification.

schemas*

Operations

array of objects

required

An array of operation objects to be performed. Operation objects must have exactly one "op" member, whose value indicates the operation to perform. Its value must be one of "add","remove", "replace", "move", "copy", or "test"; other values are errors. Additionally, operation objects must have exactly one "path" member. to the service provider. Often displayed to the user as their unique identifier within the system (as opposed to the id or externalId attributes, which are generally opaque and not user-friendly identifiers). Each user must include a non-empty userName value. This identifier must be unique across the service consumer's entire set of users. It must be a stable ID that does not change when the same user is returned in subsequent requests.

Operations*

Headers

usershouldnotneedtoresetpassword

string

Defaults to false

If set to true for a password change, the user is not required to change the password after login.
Only honored when the operation.value.password element in the ResetPasswordPatchBody has a value that is not "auto-generate".

Responses

204

No Content.

Language

URL


xxxxxxxxxx
1
curl --request PATCH \
2
     --url https://tenant_url/v2.0/Users/id/passwordResetter \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/scim+json' \
5
     --header 'usershouldnotneedtoresetpassword: false'

Choose an example:

application/scim+json

400The request was incorrect.

403Forbidden.

404Not found.

500An internal server error occurred.