User Accounts: Password Expiration Management

Overview

Schools have a number of options available for managing password expiration for each of their users:

  1. Per User
    Change the user’s account status to “password expired” on their person account record. This will require the user to change their password the next time they log in to their portal.
  2. Batch Update
    Batch update by group (e.g. parents, students, faculty/staff, etc.) the “Account Status” field on person account records to “password expired.”
  3. Password Duration
    Set the “Password Duration” system parameter to require a user to change their password after a certain number of days.

When users’ passwords are expired, they will be prompted to change it themselves the next time they log in. For faculty/staff, parents, and students, updating expired passwords will most likely occur when they log in to their portals. Faculty/staff members using additional Veracross apps such as the HPU Configuration Tool and the Qualitative Grading Tool will also be prompted to change their password upon login. Users will not be prompted to change their password from Axiom. When passwords are updated from the portal or other Veracross apps, the Axiom password will change automatically.

Password expiration is only for current members of the school community. User accounts for applicants and enrolling/re-enrolling users cannot be expired from the Person Account record or using the “Password Duration” system parameter. The requirements for passwords for logging into Veracross are as follows:

  • Must be at least 8 characters long
  • Must contain both lower and upper case letters
  • Must contain at least 1 number
  • Cannot contain username

Per User

Schools may expire an individual user’s password from their Person Account record. Use the “All User Accounts” query located under the User Accounts section on the System homepage to find the Person Account record for the individual. Click on the “Security Admin” link to open the record. Change the user’s account status from “Enabled” to “Password Expired” and update the record.

Changing the account status to “password expired” will prompt the user to change their password the next time they log in to their portal. The user will enter their username and password as usual and then be instructed to select a new password. Users have 30 minutes to reset their password before the reset link times out. If it times out before they have selected a new password, they may click the “Forgot Password” link again. Once a user has selected a new password the account status on their Person Account record will switch back to “enabled.”

Batch Update

Expiring passwords in batch follows the same process as expiring an individual user’s account, but the “Account Status” field is updated per user account group rather than per individual. Use the queries under the User Accounts section on the System homepage to expire passwords for groups of users such as faculty/staff, students, or parents.

  1. Open the query for the group whose passwords should be expired (e.g., Faculty & Staff Accounts, Student Accounts, or Parent Accounts).
  2. From the “Results” menu item, select the “Batch Update Records…” option from the Action menu.
  3. Select “Status” from the “Select Field to Batch Update” dropdown.
    Note: the “Status” field is the only field that may be batch updated on the Person Account record.
  4. From the second dropdown select “Password Expired.”
  5. Click “Update [x] Records to update the records.

All records within the selected User Accounts query will be expired. Users updating their password will follow the same procedure as above.

Password Duration

Some schools may opt to require users to change their Veracross passwords after a certain number of days. This feature is disabled at all schools by default, but can be enabled using the “Password Duration” system parameter. To enable password duration for users, the “public value” field can be set to the length of time allowed (in days) before users must change their password. If the parameter is set to 0 (zero), password duration is disabled.

When the Password Duration system parameter is enabled, a procedure will run each night to process the length of time remaining before passwords must be changed. Beginning the first night after the Password Duration parameter is set, the system begins counting down the number of days remaining until passwords expire. When 80% of the password validity period has elapsed for a user’s passwords, they will be sent an email reminding them to change their password.

For example: if the password duration is set or 90 days, users will receive a reminder to change their password when it is 72 days old and only 18 days remain before their password will expire.

After the duration time has elapsed, Person Account records for all users who have not updated their password are “expired” (i.e. “Account Status” field updates to “Expired”). Users are sent an email notifying them that their account has expired. When they log in to their portal (or other application if the user is a school staff or faculty member) they will be prompted to update their password. Once the password is updated, their Person Account record switches back to “enabled” and the duration time begins counting down again. The password duration time, though the same increment for all users, resets per user when they change their password.

For schools interested in this feature, they should submit a client portal request (CPR) to have it enabled at the school. Veracross will set the “Password Duration” system parameter to the increment of time preferred, and make available two email templates, “Password Reminder” and “Password Expired,” that will help the school manage reminders and notifications of when users’ passwords will expire. Schools may configure the password expiration notification email templates once they are available.

print

Related Articles