Password Change: Difference between revisions

From UmsWiki
Jump to navigation Jump to search
Sva (talk | contribs)
Sva (talk | contribs)
Line 10: Line 10:


A valid license for Password Self-service
A valid license for Password Self-service
A valid license for Password reset (reset password for others)


===Testing after setup===
===Testing after setup===

Revision as of 11:53, 15 August 2019

With Password Change, users with the appropriate rights – e.g. teachers or administrative staff – can change password for other uses with just a few clicks. It is possible to change passwords for individual entire classes or groups, without involving the IT department. Password Change is particularly helpful if more users need to change their password at the same time, e.g. entire classes, as this is the least time-consuming option. It is, however, also possible to change password for one individual user at a time.

Prerequisites

Supported administrative systems

All

Module requirements

UMS Web

A valid license for Password Self-service

A valid license for Password reset (reset password for others)

Testing after setup

Log in with the user who has access to change the password. Change password and check that it has switched.

What to have ready

Active Directory

Password Filter must be installed on all DCs

Installation

This module is already installed with the standard UMS Web installation.

Technical settings

The password is always reset to the password setting on the individual users primary template.

The settings can be found under “Web setup\Edit”

The configuration of “User lock” consist of 2 sets of settings:

  • A number of groups (AD groups) which have access to reset users password.
  • A number of groups (AD groups) which can have their password reset.

First one group needs to added with access to reset password for  users:

File:Passwordchangeaccesstoreset.png
  • Enter a saying display name, and browse for an existing AD group.
  • Choose a Service Account with access to the domain in which the group is residing (used to resolve members of group).
  • Mark the checkboxes if the users is allowed to see extra userinfo.
  • For each group it is possible to allow the user to set “Change password at next logon” or to force the setting

Next step is to choose the groups that can have their password reset with this module:

Click “Add…”

  • Enter a saying display name, and browse for an existing AD group.
  • Optional an OU search path can be entered. This means that the users both need to be in the group and placed in the “Search path” or below in AD.
  • Choose a Service Account with access to the domain in which the group is residing.

The last step is combine the 2 groups:

Click “Add…”

Choose the 2 groups.

Now a basic setting is completed.

Remember that it’s possible to add a large number af groups if needed, so the needed resulting combined rights is correct.

Typical example:

In the above example, “All teachers” can reset password for “All students”. And “Admins” can reset for both “All students” and “All teachers”.

FAQ