Password Self-Service Policies define parameters for self-password reset, such as security questions to be answered, SMS verification, blocking and unlocking options, email notifications, etc.
To create a password self-service policy:
Launch the Adaxes Administration Console.
In the Console Tree, expand your service node (the
icon represents service nodes).
Expand
Configuration / 
Password Self-Service and click 
Policies.
In the Result Pane on the right, click the New button.
In the Create Policy for Password Self-Service wizard that starts, specify a name for a new policy.
If you want users to answer self-configured security questions prior to resetting their passwords, select Security Questions and Answers, and configure settings for security questions and answers.
![[Tip]](img/tip.png)
Tip For details, see New/Edit/Duplicate Password Self Service Policy Dialog. If you want a user identity to be verified by a verification code sent by SMS, select SMS Verification Code.
If necessary, modify the SMS message text. To insert user-specific information in this text, use value references. For example, you can specify the text as follows:
%firstname% %lastname%, your verification code for password reset is %verificationcode%.
The %firstname% and %lastname% value references will be replaced with the first name and last name of the user, who resets own password, and the %verificationcode% value reference will be replaced with a security code the user must specify.
Tip SMS messages will only be sent, if SMS settings are configured. For details, see Configure SMS Settings. To use SMS verification only for users, who have a mobile number specified in Active Directory, select Bypass if mobile number is missing.
Click Next.
Configure options for blocking user accounts and unlocking locked-out accounts.
To block the account after a user fails to answer his or her security questions or provide a valid verification code for a specific number of times, select Block user account after N invalid attempts.
To reset to 0 the failed attempt counter after a specific period of time, select Reset failed attempt counter after N minutes.
To release an account block after a specific period of time, select Unblock account automatically after N minutes.
To unlock the accounts upon successful password reset, select Unlock account during password reset.
Click Next.
To send an email invitation to enroll in the new Password Self-Service Policy to all affected users, select Enrollment Invitation. Specify the subject and text of the invitation to be sent. If the Web Interface settings for the Adaxes service are not specified, you will need to replace the <<Web Interface URL>> placeholder with the URL of the Web Interface a user must visit to enroll in the Password Self-Service Policy.
Choose the frequency of reminding invitation sending.
To send an email notification to a user, when their password is reset, select Password Reset Notification. Specify the subject and text of the notification to be sent. To configure the Web Interface settings, click Configure Mail Settings (see Mail Settings Property Page).
Click Next.
Configure re-enrollment and captcha settings.
Click Next.
Click the Add button to select users and groups, for which this Policy will be effective.
Tip If two or more password policies are applied to the same user, this user will be affected with the password policy with a higher precedence. To check the users affected by a policy, see Viewing All Users Affected By a Policy. To check what password policy is effective for a specific user, see Viewing Policy Effective For a User. Click Finish.