Project

General

Profile

Feature #43930

mgr/dashboard: Make user creation with password change on logon easier

Added by Stephan Müller almost 2 years ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Component - Users & Roles
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

After #24655 has been resolved, I can create a new user without a password an check "User must change password at next logon".

But I can't click the logon button without typing a password, but the user has no password as it should be set on next logon.

There are 3 ways to solve this:
1. Enable logon without a password
2. Enable passwords without password rule if the user has to change his PW anyway on his first logon according to the rules.
3. Button to automatically generate a password that complies with the rules and copy into to the clipboard.

History

#1 Updated by Volker Theile almost 2 years ago

Keep the password policies in mind. This might make this issue a little bit more complicated.

#2 Updated by Tatjana Dehler almost 2 years ago

I do have a question... maybe it's a dump one: what's the purpose of creating an user without password? - I thought it's only used for SSO?

#3 Updated by Stephan Müller almost 2 years ago

If you just check "User must change password at next logon" you might be attempted to create a user with no password with the idea in mind that the new user can logon to the password change dialog in order to set his password, and you are allowed to create a user without a password, but you can't login.

#4 Updated by Lenz Grimmer over 1 year ago

  • Tags set to administration
  • Target version deleted (v15.0.0)

#5 Updated by Tatjana Dehler over 1 year ago

Stephan Müller wrote:

If you just check "User must change password at next logon" you might be attempted to create a user with no password with the idea in mind that the new user can logon to the password change dialog in order to set his password, and you are allowed to create a user without a password, but you can't login.

I think that's a combination of two different use cases. I don't think it was intentional to create a user without a password and forcing him to change the password at the next login. The possibility to create users without passwords serves the SSO use case. In my opinion this issue should be fixed by disabling the "User must change password at next logon" checkbox as long as no password has been set.

#6 Updated by Stephan Müller over 1 year ago

Tatjana Dehler wrote:

Stephan Müller wrote:

If you just check "User must change password at next logon" you might be attempted to create a user with no password with the idea in mind that the new user can logon to the password change dialog in order to set his password, and you are allowed to create a user without a password, but you can't login.

I think that's a combination of two different use cases. I don't think it was intentional to create a user without a password and forcing him to change the password at the next login. The possibility to create users without passwords serves the SSO use case. In my opinion this issue should be fixed by disabling the "User must change password at next logon" checkbox as long as no password has been set.

Then you prefer the third option? Adding a button that generates a password that suites the rules and add a copy to clipboard button to it (+disabling the checkbox until a password is set)?

#7 Updated by Ernesto Puerta 8 months ago

  • Project changed from mgr to Dashboard
  • Category changed from 150 to Component - Users & Roles

Also available in: Atom PDF