KB-2198 "Your Link Has Expired" message received when resetting a user's password


When attempting to reset a user's password, the following message is observed after clicking on the reset password URL sent via email:

This message is received despite the link being clicked on within the 15 minute expiry period. Additionally, the application server log shows the following error message:

ERROR com.appiancorp.security.auth.ForgotPasswordFilter - INVALID TOKEN. Reason: null com.appiancorp.security.auth.forgotpassword.ForgotPasswordException: Service Account users cannot login via portal


The user in question has been added to the Service Accounts system group. By design, service accounts are unable to log into Appian, hence this is expected behavior. See the documentation for more information on the Service Account Role.


  1. Remove the user from the Service Accounts system group.
  2. Have the user re-attempt the password reset.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: September 2021