Forgotten password settings
If you want to allow users who forgot their password to request a new one, you can activate the Forgotten password functionality setting in System settings > Security. By default, this setting is deactivated.
Preconditions:
The Contact's email address field must be filled in Accounts > User groups > Settings > User settings for the users in question.
The fields Forgotten password date and No. of attempts forgotten password must be made available on the Users layout in Accounts > User groups > User group details > Users.
* 
For more information on linking persons to users (= user accounts), see Authorization.
Procedure
1. Go to System settings > Outgoing mail.
2. Select the SMTP system setting.
3. In the SMTP server address field, enter the correct server address.
4. Go to System settings > Security.
5. Select the security setting.
6. In the Forgotten password functionality field select one of the following options:
User name and email address - users can only request new credentials by providing both user name and email address.
User name only - users can request new credentials by providing their user name only.
* 
In most Service Provider configurations, user names are identical with the users' Contact's email address, in which case the User name only option can be selected.
Deactivated - select this option if you want to disable the Forgotten password functionality.
7. Click Save.
The Forgot password? question is added to the Planon login screen and immediately effective. Users who request a new password must carefully follow the instructions given to them in the email and login screen. Per user, you can monitor the number of attempts made to reset a password and the date on which the reset attempts were made.
The maximum is 3 attempts a day, per user.
The email token remains valid for 24 hours, or until a new token is requested.
* 
The email that is sent out to the user is either:
•    auto-generated by the application, in which case its contents cannot be changed. Planon uses a GUID for the new password, to ensure it is unique per request.
•    user-defined via a custom email template. See Customizing the Forgotten password email for more information.