Changing and Resetting User Passwords

Administrators can change user passwords or send users password reset emails. Users can also change their own passwords and initiate password resets when needed.

Requirements

Password management permissions are based on user roles:

• All users can change their own password
• Administrator System Role required to change or reset another user's password

Changing Your Own Password

While Logged In

1. Navigate to the My Settings page
2. Click the Change Password tab
3. Complete the required fields:
   • Current password
   • New password
   • Confirm new password
   • Security question and answer (if required)
4. Ensure you securely record your new password and security question answer
5. Click Save

If You've Forgotten Your Password

1. On the portal login page, click Forgot your password?
2. Enter your username or email address
3. Click Submit
4. Check your email for the password reset message from the portal
5. Click the reset link in the email
6. Answer the security question for your account
7. Click Continue
8. Enter and confirm your new password
9. Click Submit

Result: You can immediately log in with your new password.

Managing Other Users' Passwords (Administrators Only)

Access user password management:

1. Navigate to the Setup Home page
2. Click Security > Manage Users
3. Click the user whose password you want to manage
4. Choose your preferred action from the More Actions menu

Option 1: Change Password Directly

When to use: When you need to set a specific password for a user immediately.

1. Click More Actions > Change Password
2. Enter your own administrator password for verification
3. Enter the new password for the user
4. Click Save

Result:

• User's password is immediately changed
• User is NOT notified of the password change
• You must communicate the new password to the user through your preferred secure method

Security Note: Requiring your administrator password ensures that only authenticated administrators can directly change user passwords.

Option 2: Send Password Reset Email

When to use: When you want the user to set their own new password securely.

1. Click More Actions > Reset Password

Result:

• User receives a password reset email identical to the self-service process
• User must answer their security question and create their own new password
• More secure as you don't need to handle the actual password

Password Reset Process for All User Types

The password reset process works the same for all user types (Employee, Partner, and Customer users):

1. Reset Request: User enters username/email on login page or administrator initiates reset
2. Email Delivery: System sends password reset email to user's registered email address
3. Security Verification: User must answer their security question correctly
4. New Password Creation: User creates and confirms their new password
5. Immediate Access: User can log in immediately with the new password

Important Security Considerations

Security Questions

• Security questions are required for all password reset processes
• Users should choose questions and answers they can remember but others cannot easily guess
• Security question answers are case-sensitive

Administrator Best Practices

• Prefer Reset Over Change: Use "Reset Password" rather than "Change Password" when possible to maintain security
• Secure Communication: If you must use "Change Password," communicate the temporary password through secure channels
• Temporary Passwords: If setting passwords directly, instruct users to change them immediately after first login

Password Requirements

• Passwords must meet the minimum requirements configured in Company Preferences
• Requirements typically include minimum length and complexity rules
• Users will be prompted if their new password doesn't meet requirements

Troubleshooting Common Issues

User not receiving password reset email:

• Verify the email address is correct in their user profile
• Check spam/junk folders
• Confirm email settings are properly configured in Company Preferences

User cannot answer security question:

• Administrator must use "Change Password" to set a temporary password
• User should immediately log in and set a new password with a memorable security question

Password doesn't meet requirements:

• Review password requirements in Company Preferences
• Ensure new password meets minimum length and complexity standards
• Contact administrator if requirements seem incorrect

Password Management for Inactive Users

Important Note: Users created as inactive who are later activated must use the password reset process to gain access, as they don't receive initial activation emails with login credentials.

<< Configuring User Accounts | Mass Creating Users with CSV Files >>