Assigning user IDs and passwords

Setting up users

Initially, only the supplied default system administrator user ID can create or delete other user IDs. User IDs and other information are set up on the Users form.

Setting passwords

Any user who is added to the System Administration group can access the Users form and change the password for any other user. Individual users can change their own passwords using the User Information form.

System administrators can use the Password Parameters form to specify password requirements, such as use of mixed case, numbers and special characters, and minimum/maximum password length. This form also allows you to set up rules for password expiration and locking out users after a certain number of password retries.

See Setting Password Parameters.

Using token-based authentication

One option to increase system security is to require users to enter a second password, called a "passcode," from a token-based authentication service. When this type of security is used, the Sign In dialog box displays a passcode field when the user attempts to log in. The user must obtain a passcode from a hardware or software "token" and enter it in this field to successfully log in.

See Token Authentication in Mongoose Applications.

Locked-out users

If users enter an incorrect password more times than the allowed number of retries (as specified on the Password Parameters form), they are locked out of the system for the number of minutes specified in Lockout Duration (on the Password Parameters form). If a user must log in to the system before the lockout time is up, a system administrator can manually override the lockout on the Users form by setting the User Login Status for the user to Active, which then resets the Login Failures to 0.

Portal user information

Portal users can control some information about their user account from the User Portal Profile form. They can change their passwords and user descriptions, specify primary email addresses, specify whether they want to receive external prompts and notifications, and specify their preferred theme. They cannot change their user IDs.

Before a user can update information on the User Profile Portal form, the system administrator must define on the Users form at least the user ID, a user description, and an initial password. If more than one email account is specified on the Users form, only the primary email account displays and can be changed on the User Profile Portal form.

The system administrator must also ensure that the user is authorized to access the User Portal Profile form.

The administrator must then provide a version of this URL to portal users:

http(s)://webServer/WSWebClient/Default.aspx?page=formonly&form=UserProfilePortal&notitle=1

where webServer is the name of the web server that is specified in the Configuration Manager.