Password reset issues

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation. info

Symptom

Apigee global users don't receive password reset emails for their Apigee Edge account even after resetting the password by following the instructions in Reset your password.

Error message

No error messages observed.

Context

Generally a global user is unable to login to Edge UI due to invalid credentials either because the user has forgotten the password or has an incorrect password. In such cases, the user can reset the password using the following steps:

  1. Click Reset password on the Sign in window.

    reset password

  2. Enter the email address for which the account is created in Apigee Edge as shown below:

    send reset password link

  3. Click Send Reset Password Link. You will see a window as shown below:

    instructions sent

  4. The user should check their mailbox and follow the instructions given in the email to reset the password.

Sometimes it is found that the user doesn't get the password reset email even after following all the instructions correctly. This document describes the potential causes for this issue and how you can troubleshoot and resolve this issue.

Possible causes

The user may not get the password reset email due to a number of reasons. These reasons are broadly classified into the following types:

Cause Description Troubleshooting instructions applicable for
User does not exist or is not activated yet This is applicable only for first-time users where the user does not exist in Apigee or is not activated yet. Edge Public Cloud users
User not getting password reset email The user does not get an email with password reset link. Edge Public Cloud users
Invalid password reset link The user gets an invalid password reset link. Edge Public Cloud users

Cause: User does not exist or not activated yet

The users may not receive the email with the password reset link if the user does not exist or is not activated. However, be aware that Apigee will still display the Instructions sent message for security reasons, even if a user tries and requests a password reset for an email address that is not registered.

Diagnosis

  1. If the user was added as an organization user as described in Adding users, check with the organization administrator to see if the specific user is listed in the Organization Users page in the UI as described in Exploring the Users page.
  2. Go through the Apigee sign-up flow again. If the user has already gone through the signup process, they should get the error that the user already exists as shown below:

    account exists

  3. In addition, if the user has not activated their account when they try to login, they would see the verify your account message as shown below:

    verify account

Resolution

  1. If the user has not been created, then create the user using the steps provided in Creating global users.
  2. If the user exists, but is not activated, then the user should complete the signup process to get it activated. When a new user is added to the Edge, a signup email is sent. Once the user completes the sign up process by clicking on Activate your account, the user is added to the system and the user can then reset the password or perform login.

    activate account email

  3. If an organization administrator uses the Edge UI to add a global user to an existing organization with a specific role and the user does not exist, then Edge creates the user and sends the user an email message to activate the account and to set a password. If the user signs up on their own, then an email is sent to the specified email address so that the user can activate the account.

Cause: User not getting password reset email

The user exists and is active but doesn't get the password reset email.

The password reset mail is sent from noreply@apigee.com as shown below.

alt_text

Typically, this issue is seen in two scenarios:

Scenario#1 : Email is moved to spam/junk folder of mailbox

Diagnosis

  1. Check the spam/junk folders for the password reset email from noreply@apigee.com.
  2. If you do find the password reset email in the spam/junk folders, then that indicates the email address noreply@apigee.com is not trusted.

Resolution

Add noreply@apigee.com as a trusted email address for your mailbox and mark it as not spam/junk.

Scenario#2 : Email is blocked by company policy

Diagnosis

Check to see if the email address noreply@apigee.com is being blocked/filtered by your company's policy/firewall.

Resolution

Make sure that noreply@apigee.com is not blocked/filtered by your company's policy/firewall.

Sometimes the user receives a password reset link mail; however, when the user clicks the link in the mail, the invalid password link error is displayed as shown below:

alt_text

Diagnosis

  1. If you are using a corporate email account, then it's possible that you have an email virus scanner that checks links in email for malware.
  2. If this virus scanner scans the password reset link before you click it, it consumes the token making the token expire.
  3. As a result, the link becomes invalid when you try to access it at a later point in time.

    You will get the following error (as shown in the screenshot above): Sorry, your password reset link is no longer valid. You can request another one below.

Resolution

Consider adding the domain apigee.com to an allowlist from which the reset password emails are sent (noreply@apigee.com). This ensures that the email can pass through without virus scanning and prevents the token from being expired.

If the problem still persists, please contact Google Cloud Apigee Edge Support.