Jump to content
Welcome to our new Citrix community!

Setup Netscaler SSPR with only email registration

Recommended Posts

Dear all,


I am trying to setup Netscaler Self-Service Password Reset but I don't want to use the security questions.

I just want to register the email address and use a OTP token to reset the password.
Is there anybody who has already configured this?
The first step was to change the schema for the kba registration and to use the new altemailregister.xml schema.
When I have configured this, I can register my email address and it gets written in the AD attribute without issue, but when I logon again, it's asking me again to configure the email address.
Where does it writes the value kba_registered = 1 so that the policy 'sees' that the kba is registered and he doesn't need to force you to write the email address again?

And then secondly, once that is fixed, how will the email OTP integrate with the password reset flow? Because now it's using the kba_validation to verify your answers, but when using email I guess it's sending you an OTP to reset the password?
It seems that this procedure is not yet documented by Citrix.


I used Carl Stalhood's procedure to setup SSPR, which includes an email OTP option, but that is only an additional security step, it doesn't replace the questions.


Many thanks

Kind regards,



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...