Password Preferences - General

On the Password Preferences page, under the General tab, select the appropriate password options.

With regards to passwords, the following is always true:

  • Passwords can never be recovered, and may only be reset or changed.
  • Default passwords are only allowed via a secure backend setting, and all new users assigned default passwords must change it upon initial login. This does not impact Single Sign On (SSO) users because SSO does not rely on passwords.
  • Users always have the option to change their passwords via the My Accounts page, removing the dependence on administrators to initiate password resets.
  • External users are always required to adhere to internal password preferences, if available. If a Division is not selected for the external user, then the external user must follow the password preferences of the top level Division.
  • When a temporary password is assigned to a user, the temporary password must be changed upon login. Temporary passwords may be issued when a new user is created. Also, a default password may be assigned to a user via a data feed.
  • Self-registered users must set their password when they register. Users created via a data feed are assigned a default password via the data feed.

See Passwords and Users Added Via Data Feed.

See Passwords and Users Added Via Data Load Wizard.

See Passwords and Users Added Via Upload User Tool.

See Passwords and Users Added Via Users Page.

See Passwords and Users with Single Sign-On (SSO).

To manage Password Preferences, go to Admin > Tools > Core Functions > Core Preferences > Passwords.

  1. Passwords must contain both upper and lower case letters - Select this option to require passwords contain at least one lower case letter and one upper case letter (e.g., Smile, sailinG5). Selecting this option strengthens password security.
  2. Allow user to change password - Select this option to allow users to change their password from My Account. See My Account - Preferences. If this option is deselected, users do not have the ability to change their own password. As a best practice, this option should always be selected unless the affected organizational unit (OU) has SSO enabled, in which case the users do not use passwords to access the system.
  3. Send email notification upon password change - Select this option to generate an email to the user when the administrator changes the user's password.
    • If this option is selected and the Allow user to change password option is selected, the User Password Change email is sent to the user.
    • If the Require confidential password reset option is selected, this option does not need to be selected, because the Require confidential password option includes this functionality.
  4. Require confidential password reset and send email notification to user -
    • When this option is selected and an administrator resets a user's password, the administrator can only do so by sending the user a password reset email with a confidential temporary password. For this option, users must have a defined email address in their user record.
    • When this option is not selected and an administrator resets a user's password, the administrator has the option to either send a password reset email with a system-generated and confidential temporary password or to manually set a temporary password for the user. When a password is manually reset, the temporary password is not sent to the affected user. The administrator must communicate this password outside of the system. This is the best option for users who do not have an email address associated with their user record.
  5. Passwords must contain alpha and numeric characters - Select this option to require all passwords to be composed of both letters and numbers (e.g., Europe64, buddy4). Selecting this option strengthens password security.
  6. Passwords cannot have three or more consecutive same characters - Select this option to require that password not have 3 or more consecutive characters (e.g., smile333, funnn1). Selecting this option strengthens password security.
  7. Passwords must contain at least one special character - Select this option to require all passwords contain at least one special character (e.g., !, @, #, $). A special character is a character that is not a space, an alpha character (e.g., a, b, c), or a numeric character (e.g., 1, 2, 3). Selecting this option strengthens password security.
    • Note: Users may not use a less than symbol (<) or greater than symbol (>) in their password, as this will cause an error.
  8. Use the default password for new users manually created through the application - If this option is selected, then new users created from the Admin > Users page with the associated Division OU will be assigned the default password that is stored in a backend setting. As a result, the Reset Password pop-up is bypassed when this occurs. This setting does not affect users who are added through the Upload User Tool or User File FTP tool. The availability of this option is controlled by a backend setting. To enable this functionality, contact Global Product Support.
  9. Passwords expire every XX days - Enter the number of days after which a user's password expires. For example, if this is set to 30, each user's password expires 30 days after it is set. Leave this field blank if passwords are not to expire. Setting this value strengthens password security.
  10. Passwords cannot be the same as any previous XX passwords - Enter the number of previous passwords that a user cannot use as the new password. For example, if this is set to 10, when setting a new password, users cannot reuse their previous 10 passwords. Setting this value strengthens password security.
  11. Minimum password length - Enter a minimum password length. This must be at least 4 characters.
  12. Maximum password length - Enter a maximum password length. This cannot exceed 20 characters.
  13. Forgot password message - This field allows the administrator to define the message that is displayed to users on the Forgot Password page. This field is only available when configuring the Password Preferences for the top level organizational unit. If multiple languages are enabled for your portal, select the Translate icon to translate the field into other available languages. The message is displayed to users based on their browser language settings. This field has no character limit.

Overwrite Settings

Choose whether to overwrite custom settings for child division OUs. If you choose to overwrite custom settings for child division OUs, the selected settings are applied to both new and existing child OUs. Any previously customized child OUs are updated with the selected settings.

If this option is unselected, then only the child OUs that do not have customized settings will be updated, as well as any OUs that are added in the future.

A child OU that has not been customized always inherits from the parent, regardless of whether this option is selected.

An OU is considered customized if its preferences or settings have been changed.

Password Password Password Password Password Password Password Password Password Password Password Password Password Password Password