Title: How can users reset their own passwords?
This entry covers how users can set or reset their own passwords, including the option to force users such as new employees to set their own password in order to gain initial access to the system.
What’s covered in this document:
How a user can change their password if they know the existing password
If the user is already logged into Unanet, they can change their password in the upper right "Preferences" area, then the Password tab.
How the user can change or set their password if they have forgotten their password
If the user has forgotten their password, then they can use the Forgot Password option on the log in screen as in the screenshot below. (Note that a property must be enabled for this option to be available; see the Property Settings section below.)
The user then supplies their username and email as in the screen below. Be aware of the requirements for the username and email in the Help Doc link below.
Forcing Password Reset
Optionally, if you would like to force a new employee to reset their password, when setting up that person's profile, leave the password blank (or do not inform them of a password). This will require them to set their own password via "Forgot your password?" in order to gain access to the system. An Admin can do the same thing with an existing employee by changing their password to anything other than the previous password.
Note that the password fields below will always appear blank for security reasons even if a password exists in the system.
There are two property settings to consider when allowing users to reset their own passwords:
- Enable Password Reset – This property is used to enable the user self-service password reset feature. When enabled, a Forgot Password link will appear on the Unanet login screen that allows users to initiate a password reset.
- Time-To-Live For Password Reset Request – The number of milliseconds, after creation, before a user's password reset request expires. This value should be sufficiently long enough for the user to complete the reset process, but also short enough to limit the actionable lifetime for a specific reset request. Once a password reset request expires, it can no longer be used to successfully complete the reset process.