Default Password Management - Overview

Cornerstone is moving the management of the portal wide default password from a backend setting to the Password Preferences page that is visible in all portals and accessible by administrators with the existing Password Preferences - Manage permission.

With this enhancement, a new Default Password Management tab will be visible on the existing Password Preferences page. Here, administrators can set a portal-wide default password or configure a default password by organizational unit (OU), change the default password, and manage default password rules such as lifespan and expiration date. Furthermore, default passwords must comply with the password complexity rules defined on the General tab in Password Preferences. Administrators can use the Default Password Email Reminder Template in Email Administration to setup email reminders to be notified prior to default password expiration.

The phased rollout for production and pilot has been delayed and is now targeted for the October ’21 Release time frame.

This enhancement places default password management in the hands of customers for greater control and oversight of this critical security asset. If using Data Load Wizard (DLW), See Data Load Wizard - User Loads: Default Password Setting Enhancement.

How Does this Enhancement Benefit My Organization?

This enhancement provides improved password security, which makes it easier to comply with an organization’s security protocols and standards.

Use Cases

Mary, who is a System Administrator, would like to be able to secure her portal by rotating default passwords used every 120 days. Today, she has to call Cornerstone Support and open a case to update the password and go through a lot of steps to accomplish this. With this feature, Cornerstone is surfacing the portal-wide default password management feature in the hands of the customer administrator, allowing for greater accessibility and improved security of the customer portal.

Resources

Implementation

Customers that do not currently have a default password stored in the existing default password backend setting should submit a case to Global Customer Support if they would like to begin using the new default password functionality.

For customers that currently have a default password stored in the existing default password backend setting, this functionality is on by default in stage environments. There will be a phased rollout for production and pilot environments. The phased rollout for production and pilot has been delayed and is now targeted for the October ’21 Release time frame.

Rollout Schedule by Swimlane

Swimlane Date
All stage swimlanes April 9 patch
All pilot swimlanes Delayed - new target is the October ’21 Release time frame

All CGD, FRA, AU, and JP swimlanes

LAX SL1

LHR SL1

Delayed - new target is the October ’21 Release time frame

LAX SL2

LAX SL5

LHR SL2

Delayed - new target is the October ’21 Release time frame

All swimlanes. This includes:

  • All remaining swimlanes
  • All swimlanes previously migrated (portal that have already been migrated will be skipped)
Delayed - new target is the October ’21 Release time frame

Permissions

The following existing permission applies to this functionality:

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Password Preferences - Manage Grants ability to manage Password Preferences, which includes specifying the settings for users to change their own password, or for the system to generate an anonymous password, set the specific password requirements and allowing users to reset password by answering security questions. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration