On the Password Preferences page, under the General tab, select the appropriate password options.
With regards to passwords, the following is always true:
- Passwords can never be recovered, and may only be reset or changed.
- Users always have the option to change their passwords via the My Accounts page, removing the dependence on administrators to initiate password resets.
- External users are always required to adhere to internal password preferences, if available. If a Division is not selected for the external user, then the external user must follow the password preferences of the top level Division.
- When a temporary password is assigned to a user, the temporary password must be changed upon login. Temporary passwords may be issued when a new user is created. Also, a default password may be assigned to a user via a data feed.
- Self-registered users must set their password when they register. Users created via a data feed are assigned a default password via the data feed.
To manage Password Preferences, go to.
|PERMISSION NAME||PERMISSION DESCRIPTION||CATEGORY|
- Passwords must contain both upper and lower case letters - Select this option to require passwords contain at least one lower case letter and one upper case letter (e.g., Smile, sailinG5). Selecting this option strengthens password security.
- Allow user to change password - Select this option to allow users to change their password from My Account. See My Account - Preferences. If this option is deselected, users do not have the ability to change their own password. As a best practice, this option should always be selected unless the affected organizational unit (OU) has SSO enabled, in which case the users do not use passwords to access the system.
- Send email notification upon password change - Select this option to generate an email to the user when the administrator changes the user's password.
- If this option is selected and the Allow user to change password option is selected, the User Password Change email is sent to the user.
- If the Require confidential password reset option is selected, this option does not need to be selected, because the Require confidential password option includes this functionality.
- When this option is selected and an administrator resets a user's password, the administrator can only do so by sending the user a password reset email with a confidential temporary password. For this option, users must have a defined email address in their user record.
- When this option is not selected and an administrator resets a user's password, the administrator has the option to either send a password reset email with a system-generated and confidential temporary password or to manually set a temporary password for the user. When a password is manually reset, the temporary password is not sent to the affected user. The administrator must communicate this password outside of the system. This is the best option for users who do not have an email address associated with their user record.
- Note: Users may not use a less than symbol (<) or greater than symbol (>) in their password, as this will cause an error.
Select this option to overwrite custom settings for child division OUs. If you overwrite custom settings for child division OUs, the selected settings are applied to both new and existing child OUs. Any previously customized child OUs are updated with the selected settings.
- If there are no customizations to the child OU, then the parent OU customizations are applied to all child OUs.
- Overwrite custom settings checkbox setting
- If this option is selected, all child OU customizations are deleted from the database, which means the parent OU customizations will be applied to new and existing child OUs.
- If this option is unselected, all existing child OU customizations will remain unchanged, and any new child OUs will inherit the parent OU customizations by default.
- If a child OU has been customized to display any widgets, then regardless of the parent OU customizations, the child OU customizations are applied.
- If a child OU has been customized to hide all widgets, then parent OU customizations will take precedence and will be applied.