Introduction

Account recovery requests help an organization recover access for a registered user who cannot complete sign-in because they lost access to FTE Tree-managed MFA, need a local FTE Tree password reset, or need all active FTE Tree sessions ended.

This workflow is for one user requesting help for another active registered user in the same organization. Users cannot request account recovery for themselves from this page. If you cannot sign in at all, use the public Contact us form or email support@ftetree.com.

Who can request recovery

Only users who manage organization security can request account recovery. The requester must select an active registered user from the current organization. If a user does not appear in the selector, confirm that they are an active user in that organization and that their FTE Tree account is registered.

Before submitting the request, confirm that:

  • your organization authorized the recovery request
  • you verified the target user's identity using your organization's process
  • you understand that recovery affects the user's FTE Tree account, including other organizations they may belong to
  • Google, Microsoft, and enterprise identity-provider passwords and MFA are not changed by FTE Tree

What FTE Tree can reset

When a request is approved, FTE Tree can reset the parts of sign-in that FTE Tree manages:

  • FTE Tree-managed MFA authenticators
  • active FTE Tree account sessions
  • active organization workspace sessions
  • local FTE Tree password reset email, when the user already has a local FTE Tree password and a verified email address

If the user has a local FTE Tree password and a verified reset email, they receive a password reset email after recovery is completed. If the user does not already have a local FTE Tree password, recovery does not create one.

Delegated sign-in and SSO

FTE Tree does not reset Google, Microsoft, or enterprise identity-provider passwords or MFA. Those accounts are controlled by the provider. If the user lost access to an external authenticator, password, device, or provider account, your organization's identity-provider administrator must recover that account in the provider system.

Recovery also does not disconnect linked sign-in providers, change external groups, or bypass organization SSO requirements. If an organization requires SSO, the user must still sign in with an allowed provider and satisfy that organization's current security policy after recovery.

Users in multiple organizations

One FTE Tree account can belong to more than one organization. Account recovery can therefore affect more than the organization where the request was created. Ending sessions and resetting FTE Tree-managed MFA apply to the user's account, while each organization still applies its own SSO, MFA, email domain, and access rules when the user signs in again.

Review the selected user carefully before submitting the request.

Request account recovery

From your organization workspace:

  1. Open Support.
  2. Select Request account recovery.
  3. Search for and select the user account.
  4. Enter the reason for the request.
  5. Complete the required confirmations.
  6. Submit the request.

The request creates a support case so your organization can track the request and any follow-up messages.