Guide Overview

The following guide is designed to give administrators an overview of the following Password Assistant App related topics:

  • A brief synopsis of the Overview, Policies, and Reset History tabs
  • Adding, editing, and deleting reset policies

 

Guide Index

You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.

  1. Overview Tab
  2. Policies Tab
  3. Reset History Tab
  4. Creating a Password Policy
  5. Password Resets for Students Through My Classes
  6. Resetting Users Passwords with Different Acceptance Methods
  7. Users Resetting Their Password Via Login Page

 

Overview Tab

This tab allows you to check the status of your Local Active Directory key if your district uses a  Local AD integration. This includes which user generated the last key, as well as the date it was generated.

Please note that both of these files are necessary in establishing up a connection between the Password Reset Assistant and Microsoft AD. For instructions on creating this link please refer to the Connecting the Password Reset App with to Microsoft Active Directory help document.

mceclip21.png

[Return to Index]

Policies Tab

This tab allows you to view, create, and manage the password reset policies for your site.

mceclip1.png

To create a new password policy click on Add Policy at the top right corner of the page.

mceclip3.png

Additionally, you can also edit, copy, and delete a reset policy by using the options located on the right of any listed policies using the Edit and More options.

mceclip4.png

[Return to Index]

Reset History Tab

This tab allows you to review all password resets that have been initiated throughout your district. Additionally, you can narrow down the password reset history using the filter options. These allow you to search by the user the reset was for, the status, or the user that performed the reset.

mceclip5.png

[Return to Index]

Creating a Password Policy

To add a new reset policy, begin by navigating to the Policies Tab. Click on the Add Policy on the right side of the page.

mceclip3.png

The first section, you will need to fill out the following policy data:

  • Policy Name: The name of your password policy that will appear in the policies list.
  • Reset token expiration (minutes): This is the time a reset token will last once generated.

mceclip6.png

Next, under the Password Complexity Requirements section, you have control over the following:

  • Minimum length: This field allows you to set a passwords minimum length.
  • Must contain at least: This field allows you to set the types and counts of characters that are necessary for a password.

mceclip7.png

The Password Complexity Instructions section, you need to include instructions for the specific password requirements you have set. 

mceclip8.png

Next is the Options section, where you control how the policy appears, and how the user can reset their password. You have many different options for password recovery methods:
You can have multiple recovery methods enabled. 

    • Set New Password Directly
      Only available to users that have access to user profile (e.g. Admins, Agents)
      • Selecting this option allows a user's to manually reset their password directly from the users profile page.
    • Recovery Questions
      Only available for users to self solve and reset their own password.
      • Selecting this option allows users to set answers to recovery questions when resetting their password. 
      • Please note the option Users can initiate own password recovery has to be enabled for users to reset their passwords using this method. This option is location under the Whose password can be reset section
    • Emailed Url
      Available for users to self solve and users that have access to user profile (e.g. Admins, Agent)
      • Allows users to send out an email containing a password reset link. This can only be sent to the email address we have stored in iiQ. 
    • Text Message: 
      Available for users to self solve and users that have access to user profile (e.g. Admins, Agent)
      • Allows users to send out a text to their stored phone number that contains a password reset link.
    • Generate A Password Reset Code 
      Only available for users that have access to user profile (e.g. Admins, Agents)
      • Selecting this option allows users with the correct permissions to generate reset codes that users can use to reset their password from the login screen.
      • Please note the option Users can change their own password  has to be enabled if the acceptance method Generate Reset Code is enabled. This option is location under the Whose password can be reset section

Please see the article section below going over how to reset a users password when using these different acceptance methods.

mceclip9.png

 

Login Providers: These options allow you to set what system contains your primary user login data, as well as what system you want the password reset request to route to. Please note, the route field only appears when you have checked a system option and that you must specify a system to route requests to.

  • Local (iiQ Only): This option is utilized when setting up reset requests to locally created accounts. All requests of this type should route to Local (iiQ Only).
  • Google SSO: If you are using this source for user data you can route your password reset requests either through Google SSO directly or to Local AD through the password connectors app.
  • Microsoft Azure SSO: If you are using this source for user data you can route your password reset requests either through Azure SSO directly or to Local AD through the password connectors app.
  • If you are using any of the following sources for user data you will want to route all requests to Local AD through the password connectors app.
    • ClassLink SSO
    • Enboard SSO
    • Microsoft Active Directory
    • Microsoft Active Directory Federated Services
    • Rapid Identity SSO

mceclip10.png

When routing requests to an outside system, you will be asked to identify what field in Incident IQ should be used for looking users up and what field this should match against in your AD/SSO.

mceclip12.png

The next section only appears if the Secret Questions password recovery method is selected.

  • Number of questions that must be answered: This field allows you to set how many secret questions a user must choose to answer during a password reset. Please note, this number must be less than or equal to the number of password reset questions you create. This is a required field.
  • Alert Methods: These options provide in system prompts to alert users when they need to set up their secret question answers.
    • Dashboard Widget: This option will display a widget at the top of a user's page prompting them to set up their secret question answers.
    • Popup message on login: This option will display a pop-up window when a user logs in prompting them to set up their secret question answers.
  • Add: This button allows you to add a new secret question that users can choose from to answer. Please note, this number must be greater than or equal to the number of questions you require users to answer.

mceclip13.png

You will be required to specify who can reset user passwords, as well as which user they can perform password resets for. 

Please note, you may set up multiple profiles in the section, allowing you to give some users more or less user password reset options as needed.

Who can perform the password reset: This section allows you to determine what users can perform a password reset. You can narrow this down by location, user role, user policies, or even down to an individual user.
Please see the section below for more details on enabling teachers to reset passwords for their students through My Classes.

mceclip14.png

Whose password can be reset: This section allows you to determine what users can have their passwords reset using this policy. You can narrow this down by location, user role, user policies, or even down to an individual user.

mceclip15.png

You have two additional options under the Whose password can be rest section are:

  • Users can change their own password  - This option has to be enabled if the acceptance method Generate Reset Code is enabled. 
  • Users can initiate own password recovery - option will allow the users to click on forgot password on the login screen to access the different recovery options if enabled (Recovery questions, Emailed URL, Text Message). 

mceclip17.png

The Send password expiry emails: Sends out an automatic email to alert users when their passwords are about to expire, based on the Active Directory password expiration date. If selected, you will need to specify how far in advance the alert will go out and how often.

mceclip19.png

And finally, the Ticket Details Integration section allows you to setup which tickets outside of Password Reset tickets will show the password reset widget for use by your agents and administrators. If you select Notify all followers on ticket of password change success/failure then any follower on a ticket will be notified through email if the password reset succeeded or failed.

mceclip20.png

[Return to Index]

 

Password Reset for Student Through My Classes

You have the ability to allow your teachers to reset students' password through My Classes. There are a few settings that have to be enabled. 

Need to learn more about My Classes? Please see the detailed guide here

First, under Site Options, enable the My Classes feature. This will allow the teachers to access the My Classes feature on their dashboard.

mceclip0.png

Next, go to the Permission Policy page. Select the permission policy for your teachers to give access to reset students password through My Classes.

mceclip1.png

Navigate to the User section. Enable the View all users option. This will give that teacher role access to the student user profile to reset their password. 

mceclip2.png

Now in your Password Assistance Policy, under the section Who can perform the password reset, you will need to assign the role you gave access to View the student user profile. Once saved, they can change the student password through My Classes. 

mceclip3.png

On the teachers dashboard they will select My Classes. Next select or search for the student. Click on the student to access their user profile. Scroll down to the Password Reset section. Click Change Password

mceclip5.png

mceclip6.png

[Return to Index]

 

Resetting Users Passwords

Resetting a users password within iiQ is based on the permissions set when creating the password policy. Please see the article section above for more details on granting permissions to users to reset passwords. 

Go to a users profile page with iiQ to reset a users password. Scroll down to the Password Reset section. Click Change Password

mceclip23.png

Next you will have the different acceptance methods for the password reset. These acceptance methods are dependent on the settings that were set when creating the password policy.

mceclip25.png

The Set a new password Directly acceptance method allows you to manually enter in a new password for that user. Below you can review the complexity instructions for the password. You will have to let the user know the new password. We do not automatically send an email to the user with the new password. 

mceclip26.png

Selecting the Email URL acceptance method allow you to send an email to the user.  Within the email there is a password reset link. From this link the user can reset their password. Set how long the link in the email should be valid. This can only be sent to the email address we have stored in iiQ. 

mceclip27.png

Text Message acceptance method allows you to send a text message to the user with the recovery link. This method with only appear if there is a phone associated with the user. Set how long the link in the email should be valid for.

mceclip28.png

Selecting the Generate A Password Reset Code acceptance method allows you too generate reset code that will then need to be sent to user to reset their password. The user will go to your districts iiQ login page and click Forgot Password. Then, they will enter in their email address. Next, enter in the password reset code. From there they can reset their password directly. 

mceclip30.png

mceclip29.png

[Return to Index]

Users Resetting Their Own Passwords Through iiQ

You can allow your users to self solve and reset their own password through iiQ. When setting up your password policy make sure under the section Whose password can be reset, the option Users can initiate own password recovery have to be enabled. 

mceclip31.png

For a user to reset their password they will go to your districts iiQ login page and click Forgot Password

mceclip33.png

Then they will enter in their email address. Next will display the different acceptance methods. These acceptance methods are dependent on the settings that were set when creating the password policy. 

mceclip32.png

When selecting the Recovery Questions method, the user will then answer the each prompted question to reset their password. This method will only appear if the user answered the recovery questions prior to attempting to recover their password. Please see the article section above going setting up the questions and alert methods. 

mceclip34.png

Selecting the Email URL acceptance method allow the user to send an email to their email address. Within the email there is a password reset link. From this link the user can reset their password. This can only be sent to the email address we have stored in iiQ. 

mceclip35.png

Text Message acceptance method allows the user to send a text message to their phone. This method with only appear if there is a phone associated with the user. 

mceclip36.png

[Return to Index]

Was this article helpful?
2 out of 4 found this helpful