New users create their own password on the registration page and are required to enter the password identically twice. If the site has a password profile set (this can be created for the publication by an Aries Account Coordinator), the password must abide by all profile rules. Additionally, if the site has security questions enabled, users are required to select and answer a question to complete the registration.
Proxy-registered users must create their own passwords (and answer any security questions the site has enabled), as in the standard registration process.
The publication must send a letter to the new user containing %USERNAME% and %PASSWORD% merge fields. This is typically done automatically via the notification of registration letter (associated with the Proxy Register New User event in ActionManager) or as part of an invitation/assignment as a Reviewer or Author.
In Rich Text (HTML) emails, the %PASSWORD% merge field renders as a deep link for new user registration: click here to create your password and login. In plain text emails, the merge field renders as a clickable URL.
Both the link and the URL direct the user to the Create Password page to complete the registration process. No passwords are displayed in any emails sent from the EM system. (See example below.) The password deep link expires after the user has successfully created a password.
No system configuration is necessary. However, publications should verify that existing and new letters for proxy-registered users include the %USERNAME% and %PASSWORD% merge fields where appropriate. This ensures that new users can create a password and complete the registration process. (To check the content of the letter, go to PolicyManager > Email and Letter Policies > Edit Letters, and find the corresponding letter on the list.) For details on letter configuration, see Create Letters.
With password encryption (enabled for all EM sites), the characters of a password display as asterisks when a user changes a password. The actual characters never display anywhere in EM. A Confirm Password function forces the user to type the password twice when changing it, to ensure that a mistyped password is not captured.
Users who forget their password can request their login information by clicking the Send Login Details link on the Login page. This link directs to the Account Finder page, where the user enters the email address associated with the account and clicks the Send Login Details button. (If the email address is not uniquely associated with one account, the user is required to enter First and Last Name.)
Once identified by the site, the user automatically receives an email that includes the %PASSWORD% merge field (similar to the email shown above). In plain text emails, the merge field renders as a clickable URL. In Rich Text (HTML) emails, the merge field renders as a deep link: click here to reset your password.
The link takes the user to the Change Password page. The user must create a new password during this process, as the password recovery tool triggers a password reset for security reasons. The deep link expires after the user has successfully changed the password.
For cases when the user contacts a member of the editorial staff about login difficulties (instead of clicking the Send Login Details button on the login page), Editor roles may be authorized to send username and password reset information. Authorized Editors see a Send Login Details button on the Search People – Update Information page, which triggers the same system email as the button on the login page.
If a user makes five failed attempts within five minute to log in (username or password is entered incorrectly), the account is locked. The locked account will be unavailable for ten minutes after the fifth failed attempt. During the lockout period, the user may click the Send Login Details link and follow the steps on the login page to recover username and reset password.
Go to ActionManager > Author Letters > Registration. For the Forgot Username or Password event, select the appropriate letter from the dropdown menu. When finished, click Submit.
The letter must contain the %USERNAME% and %PASSWORD% merge fields for this information to be sent to the user. (To check the content of the letter, go to PolicyManager > Email and Letter Policies > Edit Letters, and find the corresponding letter on the list.) For details on letter configuration, see Create Letters.
Go to RoleManager > Editor Role. Grant permissions to the applicable roles:
Password profiles are available and configurable using the following parameters:
Password profile parameters are applied independently to each user role in the system. A user's password must conform to the parameters specified for their highest profile. The following hierarchy determines the definition of highest role a user can have:
Custom password profiles are optional. To establish custom parameters, contact your Aries Account Coordinator.
The standard password profile is applied to publications that do not have a custom profile:
To return to previous page click ALT + left arrow