This document is for:

Deployment: Invicti Platform on-premises

Reset passwords without SMTP

When an SMTP server isn't configured or available in your Invicti Platform on-premises installation, you can reset user passwords directly through the PostgreSQL database.

Tip: To change your own password through the UI, see Change password instead.

Prerequisites

You need:

  • Access to the PostgreSQL database
  • Database credentials with update permissions on the identity schema
  • The email address of the user account requiring a password reset

Understanding password storage

User passwords in the database are hashed using a one-way cryptographic function, not encrypted. This means passwords can't be retrieved or decrypted. The only option is to reset them to a new value.

Reset a password

To reset a user's password:

  1. Connect to your PostgreSQL database using your preferred client.
  2. Execute the following SQL query, replacing <user_email_address_here> with the target user's email address:

     UPDATE identity.user_credentials uc
     SET password_hash = 'AQAAAAIAAYagAAAAEEf2QKdmoJkYdKUmKowx5NCtSE0Khz+4O+bUduSsdkrDRmb7gKTorusA2C0s3rYGkg==',
         password_hash_algorithm = 'UnifiedPlatform'
     FROM identity."user" u
     WHERE uc.user_id = u.user_id
       AND email_address = '<user_email_address_here>';

  3. Confirm the update was successful (the query should return the number of rows updated).
  4. Notify the user that their password has been reset to the temporary password: Password123#
  5. Require the user to change this password immediately upon their first login. The temporary password is the same for every reset and is published on this page, so the account stays exposed until it is changed.
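
A guarded way to run the statement from step 2, so that a mistyped address or an unexpected match is caught before anything is committed. This is an added example, not part of Invicti's documentation; it uses only the tables and columns shown above, and the transaction wrapper, row-count check and notice text are assumptions about how an operator may want to run it.

```sql
-- Added example, not Invicti's own script.
-- Replace the e-mail placeholder before running.
BEGIN;

DO $$
DECLARE
    target_email constant text := '<user_email_address_here>';
    affected     integer;
BEGIN
    -- Same UPDATE as in step 2, with the address taken from the variable.
    UPDATE identity.user_credentials uc
    SET password_hash = 'AQAAAAIAAYagAAAAEEf2QKdmoJkYdKUmKowx5NCtSE0Khz+4O+bUduSsdkrDRmb7gKTorusA2C0s3rYGkg==',
        password_hash_algorithm = 'UnifiedPlatform'
    FROM identity."user" u
    WHERE uc.user_id = u.user_id
      AND email_address = target_email;

    GET DIAGNOSTICS affected = ROW_COUNT;

    -- 0 rows: wrong address, or no user_credentials record (for example an SSO user).
    -- More than 1 row: the address matched more accounts than intended.
    -- The exception aborts the transaction, so no hash is changed.
    IF affected <> 1 THEN
        RAISE EXCEPTION 'expected 1 row for %, got %; nothing changed',
            target_email, affected;
    END IF;

    -- Line for the reset record: who ran it, when, and for which account.
    RAISE NOTICE 'password reset by % at % for %',
        current_user, clock_timestamp(), target_email;
END
$$;

-- Commits the single-row update; after an exception this ends the
-- aborted transaction and PostgreSQL reports ROLLBACK instead.
COMMIT;
```

Save the NOTICE line from the client output together with the ticket or request that authorised the reset.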

Security best practices

  • Restrict database access to authorized system administrators only
  • Force users to change temporary passwords on first login
  • Keep a record of password reset operations for compliance and auditing
  • Never share database credentials with end users

Troubleshooting

Password reset doesn't work:

  • Verify the email address is correct and matches an existing user account
  • Check your database connection and confirm you have sufficient permissions
  • Ensure the identity service is operational

No rows updated:

  • This typically occurs when the user has never had a password set (for example, if they were originally configured for SSO authentication)
  • In this case, the user has no record in the user_credentials table
  • If the user was configured for SSO, they should continue using SSO to log in or use the SSO password reset flow
  • Contact support if you need to create a password record for a user who doesn't have one

Get help

If you encounter issues with this procedure, contact support and provide:

  • The user's email address
  • The exact error message received
  • The time you attempted the reset
