You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When new accounts are created, the creator (admin) is responsible for creating passwords for accounts. We can use advanced password generators, but we can retain these passwords if we wish to.
When users then log in, there's no pressure for them to change the password that we've generated for them, so the admin more than likely has workspace access if the user doesn't change it. This is also true for password rests requests.
Describe the solution you'd like
A "first-login" mode that forces users to change their passwords would be a welcome addition. This could also be triggered via a toggle on the account management page.
Describe alternatives you've considered
Alternatively, having Magpie send out an anonymized password on account creation would be a welcome addition. Having a case-sensitive email-based password reset would be helpful as well.
The text was updated successfully, but these errors were encountered:
no need for the admin to generate any temporary user account/password.
@fmigneault
This would work if we allow everybody to create an account. But the reality is we do not accept all applications for account so by generating the first password ourselves, we can control who we allow to connect to the server.
With our non stop growing user base, some users start to forget their password or want to change their password. That's the reason behind @Zeitsperre request. Once we allow a user on our server, we would prefer the user to be completely autonomous with respect to managing their password.
There is an option (MAGPIE_USER_REGISTRATION_APPROVAL_ENABLED) to have an intermediate admin approval step. Users will not have an account unless that step is approved by the admin. I assume enabling this feature would essentially become the same has the kind of emails you must already receive from users to create new accounts.
As for the second point, part of the user registration workflow could be reused to send an email to the user upon a "reset password" button press (to be implemented). Once logged in with the temporary auto-generated password sent by email, users could themselves change it on their profile (already possible).
Is your feature request related to a problem? Please describe.
When new accounts are created, the creator (admin) is responsible for creating passwords for accounts. We can use advanced password generators, but we can retain these passwords if we wish to.
When users then log in, there's no pressure for them to change the password that we've generated for them, so the admin more than likely has workspace access if the user doesn't change it. This is also true for password rests requests.
Describe the solution you'd like
A "first-login" mode that forces users to change their passwords would be a welcome addition. This could also be triggered via a toggle on the account management page.
Describe alternatives you've considered
Alternatively, having Magpie send out an anonymized password on account creation would be a welcome addition. Having a case-sensitive email-based password reset would be helpful as well.
The text was updated successfully, but these errors were encountered: