Versions Compared

Version Old Version 16 New Version Current
Changes made by

Helen Gosper

Denise McGettigan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Table of ContentsmaxLevel2Configure

If your site uses the Phocas authentication model, you can take several actions regarding managing passwords for your user accounts.

Note

If your site uses the LDAP or SSO authentication model to manage how users sign in to Phocas, while you can use these settings, they won't apply.

Set a password policy 

You can only set a password policy if your site is using Phocas authentication. 

See Set your Phocas site's password policy.

The Forgotten password? link on the Phocas sign in screen allows a user to either reset their own password or ask

the Phocas

you (administrator) to do it for them.

If you have configured Phocas to send emails, the Forgotten password? link takes the user to a prompt for their user name. Provided the entered username is valid and has an email address (see Manage users) then the user will be sent an email to a reset password page. For security reasons, if the user name is invalid or there is no email address, a

'

fail

'

message

will not appear

will not appear.

For systems using LDAP/Active Directory authentication, this link will be as specified in the

system setting 'LDAPResetPasswordURL'

/wiki/spaces/PKB/pages/1358642 LDAPResetPasswordURL. If nothing is entered in the

'value'

Value field in the system setting, the link will not be displayed.

  • The email sent to the user has a link to a password reset page.

  • Following the link takes the user to a screen where they can enter and confirm their new password.

  • If the SMTP settings have not been completed, but there is an entry for the Administrator Email Address

under General

  • under General settings in the 

configuration screen

  • Configuration page, the user will be provided with a link to this email address. Clicking this link will open a

'

  • Compose email

'

  • window in their default email program. If the SMTP settings have not been completed and there is no entry in the

'

  • Administrator Email Address

'

  • , then the link will not be shown.

Disable Remember Me? checkbox

It is also possible to use a system setting to remove the Remember Me? checkbox from the login screen.

Force password change

The user maintenance form contains an option to force a user to change their password. When

Change (reset) a password

The Reset option gives users a new password, which is either automatically generated by Phocas or specified by you.

You can reset a password in two ways:

  • For one or multiple users at the same time: On the Users page, select the user rows, then click More > Reset Password.

  • For an individual user: On the user’s maintenance form, click Reset Password on the top right.

Image Added

Either way, you get the same two reset options:

  • Autogenerate password:

    • When selected, this option generates a random password that complies with your Phocas site's password policy. This is only available when your site is configured to send emails, when the user has an email address and when the site is non-LDAP. The users will receive an email with their sign in details, along with the automatically generated password.

    • If you do NOT select this option, you can get to specify the new password - enter and confirm the password. This option is suitable when you first create a user, as you can set the user up with a simple password (such as a repetition of the username) and then

forcing Set

    • force them to enter a new password that conforms to

the site 
This is only available on non-LDAP sites.

Image Removed

Image Removed

When adding a user

Image Removed

Request auto-generated passwords

When creating new users, there is an option to get the system to generate a random password that complies with the site Set your Phocas site's password policy.This is only available when the site is configured to send emails, when the user has an email address and when the site is non-LDAP. When using this option (see User maintenance form for details) the confirmation email sent to the user will include the connection details including the randomly generated password.

Reset or expire passwords

Image Removed

 

    • You also get the option to send the users an email with the new password details, or not, as you might prefer to advise them of the new password in another way.

  • Force password change: If you select this option, the users are forced to change the password the next time they sign in to Phocas.

Expire passwords (force a password change)

The Expire option is useful when you want multiple users to immediately change their passwords. The next time the selected users sign in to Phocas, they get a message telling them their passwords have expired and they are forced to enter a new password (that they choose themselves).

On the Users screen, select the user(s), then click More > Expire Password.

Image Added

Force a user to be signed out

The above Reset and Expire password options take effect the next time a user tries to sign in to Phocas. If you want to reset or expire a password immediately, you can force the user to be signed out of Phocas. This option is useful if a user leaves your organization or you believe their account might have been compromised. The user then has to sign back into Phocas using a new password.

For one or multiple users at the same time: On the Users page, select the user rows, then click More > Reset Password.

Image Added

Prevent non-administrators from changing password

A boolean user setting titled 'PreventUsersFromChangingPassword' will prevent non-administrators from changing their passwords.

 

On this page

Table of Contents
maxLevel2
Panel
bgColor#E3FCEF

Video

Reset and expire passwords