When users are exported from a deployment that uses an external identity source and imported to a deployment that uses the internal database, the users’ LDAP passwords are not imported. Password authentication is disabled in the target deployment. Before re-enabling these users for password authentication, you can allow users to reset their passwords using the Self-Service Console, as described in the following procedure. As an alternative, you can reset the passwords yourself.
Perform this task only if you are exporting from an external identity source to the internal database.
By default, a password is required for users in the internal database. If you have to edit the user record for any reason and the user has not reset the password, when you save the user record an error will indicate that the password is a required field. You can create a new password before saving the user record, or you can make the password optional.To make the password optional, see Edit the Internal Database.
In the target deployment, log on to the Security Console and click Set Up > Self Service Settings > Self Service Console Authentication.
Make sure the Console Authentication Method includes SecurID_Native and click Save.
From the Self-Service Settings page, click Enable or Disable Self Service Features.
Select Display Forgot your password link.
Inform the imported users that they need to perform these steps:
Log on to the Self-Service Console using a token.
Configure and answer security questions.
Note: Users’ security questions are only imported if the same questions are found on the target deployment. If the security questions cannot be found, they aren’t imported and users must configure their security questions and answers when they log on to the target deployment for the first time.
Log off the Self - Service Console.
Click the Forgot Your Password link on the log on page, answer the security questions, and change your password.