diff --git a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
index 90c278d4..89182902 100644
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -106,6 +106,8 @@ public class SecurityConfig {
                 .requestMatchers("/saml2/**").permitAll() // SAML login initiation
                 .requestMatchers("/swagger-ui/**").permitAll() // Swagger docs
                 .requestMatchers("/v1/api-docs/**").permitAll() // API docs
+                .requestMatchers("/v1/user/reset-password/initiate").permitAll()
+                .requestMatchers("/v1/user/reset-password").permitAll()
                 .anyRequest().authenticated())
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
                 .exceptionHandling(exceptionHandling -> exceptionHandling