Default Password Management

Cornerstone is moving the management of the portal wide default password from a backend setting to the Password Preferences page that is visible in all portals and accessible by administrators with the existing “Password Preferences - Manage” permission.

With this enhancement, a new Default Password Management tab will be visible on the existing Password Preferences page. Here, administrators can set a portal-wide default password or configure a default password by organizational unit (OU), change the default password, and manage default password rules such as lifespan and expiration date. Furthermore, default passwords must comply with the password complexity rules defined on the General tab in Password Preferences.

This enhancement places default password management in the hands of customers for greater control and oversight of this critical security asset. If using Data Load Wizard (DLW), See Data Load Wizard - User Loads: Default Password Setting Enhancement.

How Does this Enhancement Benefit My Organization?

This enhancement provides improved password security, which makes it easier to comply with an organization’s security protocols and standards.

Use Cases

Mary, who is a System Administrator, would like to be able to secure her portal by rotating default passwords used every 120 days. Today, she has to call Cornerstone Support and open a case to update the password and go through a lot of steps to accomplish this. With this feature, Cornerstone is surfacing the portal-wide default password management feature in the hands of the customer administrator, allowing for greater accessibility and improved security of the customer portal.

Resources

Implementation

Customers that do not currently have a default password stored in the existing default password backend setting should submit a case to Global Customer Support if they would like to begin using the new default password functionality.

For customers that currently have a default password stored in the existing default password backend setting, this functionality is on by default in stage environments during UAT, and pilot environments with the April ’21 Release. There will be a phased rollout for production environments.

Rollout Schedule by Swimlane

Swimlane Date
All stage swimlanes April 9 patch
All pilot swimlanes April ’21 Release (April 30)

All CGD and FRA swimlanes

LA4PRDSL1

LD4PRDSL1

April ’21 Release (April 30)

LA4PRDSL2

LA4PRDSL5

LD4PRDSL2

May 14 patch

LA4PRDSL3

LA4PRDSL4

LD4PRDSL3

May 28 patch

Permissions

The following existing permission applies to this functionality:

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Password Preferences - Manage Grants ability to manage Password Preferences, which includes specifying the settings for users to change their own password, or for the system to generate an anonymous password, set the specific password requirements and allowing users to reset password by answering security questions. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration