Regularly changing passwords is an important part of online security, so it’s a best practice to allow users to reset their own passwords. The necessary steps to enable this feature will differ, however, depending on where passwords are stored.
Determining authorization source
To check where a user's password is stored in Constituent Manager, go to Constituent Manager > Settings > Constituent Roles.
Choose a specific role, then select “General Settings.” Check the “Authorization” listing at the bottom of the window to find out where the passwords for members of that role are stored.
If the passwords are stored within Finalsite, go to Finalsite-only users to learn more.
If the passwords are stored in a third-party integration database, skip down to Integrated database users for more information.
Some users may belong to multiple roles, such as Parent and Faculty, which may have passwords stored in different systems.
If a single user is assigned to more than one role and at least one of those roles is authenticated against an integrated database, they fall under the category of “integrated database users.” If the passwords for all of their roles are stored in Finalsite, then they are considered Finalsite-only users.
Finalsite-only users
Whenever Finalsite-only site users forget their passwords, they can click the “Forgot Password?” link on the login page. The user will receive an email with a password-reset link in it; that link takes the user to a page where they can create a new password.
Note: Password reset emails are sent to a user's primary email address, whatever address is set as “Primary” in their Constituent Manager profile. If multiple users share an email address, the email that's generated will have password reset links for all of the users associated with that email address.
The link they receive is time-sensitive and will expire after 24 hours. If the user hasn't clicked the password reset link in their email and reset their password within that time, they'll have to click "Forgot password?" again to generate a new email with a new link.
Allowing password reset
For users to be allowed to reset their own passwords, a site admin must enable the setting for each role. To do so, go to Constituent Manager > Settings > Constituent Roles. Choose the role, then go to the General Settings tab. Select the checkbox for “Enable self-updating of passwords.” Repeat this process for each role authorized within Finalsite. Then, ensure that your Login page is configured to display the “Forgot password?” link and any instructions you want users to see.
Note: If a user is both a site admin and a portal user (and those accounts are linked), then resetting their portal account password will also reset their site admin password, and vice-versa, even if the portal account is set to a role that is not allowed to self-update passwords.
Integrated database users
Users whose passwords are stored in integrated databases cannot use the Finalsite password-reset tool. Instead, they should use the password-reset functionality built into the integrated database system.
As a best practice, put a custom note on the Login page explaining how to do this. You may also want to add a message in the “Forgot Password?” email.
If you don’t already have an integration set up, learn more about what integrations are and see a list of available options.
Comments
Please Sign in to leave a comment if you don't see the comment box below.