Manage User Account Passwords
User account passwords can be managed using a number of tools throughout Campus. This article describes the numerous options and scenarios around account password management.
This article includes the following topics:
- Modifying Individual User Passwords
- Suggestions for Creating a Strong Password
- Managing Passwords via LDAP Authentication
- Managing Passwords via SAML SSO Authentication
- Managing Password Preferences within Portal
- Managing Passwords within Campus
- Forcing a Password Change for all Student Portal Accounts
- Password-Related System Preferences
- Enabling Password Reset Functionality
- Existing Users Logging into Campus After Password Reset is Enabled
- Recovering Passwords via the Forgot Your Password Link
- Recovering Usernames via the Forgot Your Username Link
- User Incorrectly Attempts to Log Into Campus Multiple Times
- Enabling Login Alert Notification Emails
Modifying Individual User Passwords
PATH: System Administration > User Security > User > User Account
Individual user account passwords can be manually modified by an Administrator using the User Account tab.
Only System Administrators should have access to the User Account tab.
Image 1: Modifying Individual User Account Passwords
If the Enforce Strong Passwords System Preference is not enabled, enter the the new password within the Password field and select the Save icon.
If the Enforce Strong Passwords System Preference is enabled or Password Reset functionality has been enabled, users need to select the Reset Password link, enter a New Password and Verify the Password. The box beneath the first password field indicates the strength of the new password with red meaning weak, yellow meaning medium and green meaning strong. Users will not be allowed to save weak or medium (red or yellow) passwords.
Suggestions for Creating a Strong Password
Complex, tricky passwords are not always strong passwords and can be difficult to remember. For example, TheBr0wnC@t is a stronger password than !@#$%&() because TheBr0wnC@t uses a combination of character types and is long, whereas !@#$%&() uses only symbols and is short. A computer program can crack !@#$%^&() easier than it can crack TheBr0wnC@t.
When creating a password, consider the following:
- Content - Use a short two or three word sentence as your password.
- Length - Make your passwords long (8-10 characters minimum is usually sufficient).
- Combination - Include letters, punctuation, symbols and numbers.
- Uniqueness - Do not use your username or words found in the dictionary.
Managing Passwords via LDAP Authentication
PATH: System Administration > User Security > LDAP Authentication
User account passwords can also be linked to a district's Active Directory using the LDAP Authentication tool. Schools and districts using LDAP Authentication need to manage and update all user account passwords within their Active Directory.
Districts can enable Password Reset and E-signature if they have LDAP to begin using the Online Meal Benefits Application. LDAP environments will not be affected by enabling Password Reset functionality.
A change to a Campus password is ignored if the account is linked to an LDAP server. The only way to change the login password for an LDAP managed account is to change it on the LDAP server.
Image 2: LDAP Authentication
Managing Passwords via SAML SSO Authentication
PATH: System Administration > User Security > SAML Management
User accounts can authenticated via a SAML SSO IDP (such as Active Directory Federated Services (ADFS)). SAML SSO functionality is enabled and configured in the SSO Service Provider Configuration tool and Campus accounts are tied to SAML SSO authentication via the SSO Account Configuration Wizard.
All account passwords and credentials are managed outside of the Campus product by a district's Network Administrator and the IDP.
SAML SSO functionality is currently only available for Hawaii. This functionality is NOT available for general Campus customers.
Image 3: SAML Management Tools
Managing Password Preferences within Portal
PATH: Portal > Change Password; Portal > Account Management
Portal users can update their account passwords using the Account Management tool. The Account Management tool allows users to update their account's existing password, security email address and security image preferences.
Due to recent security changes, the Change Passwords portal option has been removed from Campus. The existing Change Password value has been converted as follows:
- If Change Passwords was marked, the Account Management tool is available within the Campus Portal, allowing Portal users to change their passwords.
- If Change Passwords was unmarked, the Account Management tool is NOT available within the Campus Portal. Districts must enable Password Reset functionality in order to activate the Account Management tool.
Image 4: Account Management - Portal
For more information, see the Account Management (Portal) article.
Managing Passwords within Campus
PATH: Account Settings
Non-Portal users can manage their account security preferences using the Account Settings tool. This tool functions differently depending on whether or not your district has enabled Password Reset functionality. See the Account Settings article for more information.
Image 5: Account Settings
Forcing a Password Change for all Student Portal Accounts
PATH: System Administration > User Security > Student Accounts
Administrators can force a password change for all student Portal accounts within a calendar by using the Force Password Change option in the Student Accounts tool. See the Student Accounts article for more information.
Image 6: Forcing Portal Account Password Change
Password-Related System Preferences
PATH: System Administration > Preferences > System Preferences
A number of important password-related preferences should be set within the System Preferences (Campus .1717 and previous) or Account Security Preferences (Campus .1721 and greater) tools If Password Reset functionality is enabled, these preferences will be automatically set to read-only with a value of Yes or No as described in the image below (Image 7).
|Campus Release Pack .1717 and Previous||Campus Release Pack .1721 and Greater|
The following describes each password preference:
Enforce Strong Passwords
Users can set the value back to No and save; however, even though the field appears with a value of No, Enforce Strong Passwords is still set to Yes within Campus and will require strong passwords.
This preference is automatically set to Yes.
This preference was removed in Release Pack .1713. All new password created in Campus are required to meet the requirements for a strong password.
A value of Yes means Password Reset functionality is enabled. This preference cannot be changed once set. This value is established in the Password Reset Configuration tool.
Enabling Password Reset Functionality
PATH: System Administration > User Security > User Preference Management > Password Reset Configuration
Password Reset functionality is enabled in the Password Reset Configuration tool. This functionality allows Campus application and Portal users the ability to reset their account password as well as manage their account security email address and security preferences without the need for Administrator intervention.
Before enabling Password Reset functionality, consider the following:
- Once enabled it cannot be disabled or reversed.
- Password Reset functionality is only available for accounts authenticated by Campus (not LDAP).
- E-Mail Messenger must be enabled prior to enabling Password Reset functionality.
- Ensure parents are given their own Portal accounts for viewing and managing Portal information. Because each individual Portal account will need to have new security information established once Password Reset functionality is enabled, providing parents with their own account prevents them from having to set up each student Portal account they may log into.
Image 8: Password Reset Configuration Tool
To enable Password Reset functionality:
Before you are allowed to enable Password Reset functionality, you must complete the following:
- Enter Campus User Account Support Advice. This text will appear for users when selecting the Problems logging in? button on the Campus login screen. This text should be used to guide users on the appropriate steps they should take to resolve their Campus account problems.
- Mark the Display phone number on login page checkbox if you would like the District Support Phone Number to appear for users when selecting the Problems logging in? button on the Campus login screen (click the image below to view an example).
- Mark the Display email address on login page checkbox if you would like the District Support Email Address to appear for users when selecting the Problems logging in? button on the Campus login screen (click the image below to view an example).
Select the Save icon. You can now enable access the Enable Password Reset button.
You cannot access the Enable Password Reset button until all required fields are entered and saved.
- Click the Enable Password Reset button. Users will encounter a pop-up message, requiring them to confirm this action. Select OK to enable password reset functionality.
Once the Enable Password Reset button is selected and the action is confirmed, the following will occur:
All passwords will appear hidden within Campus.
All passwords will be required to be strong passwords. This means all users who do not have a strong password will be required to change their password to a strong password the next time they change their password or use the password reset function.
Password reset functionality also automatically makes the following System Preference/Account Security Preference read-only:
- Password Reset
Existing Users Logging into Campus After Password Reset is Enabled
All users logging into Campus for the first time after Password Reset functionality is enabled are required to enter an Account Security Email address (Image 9). This ensures the password/user name recovery process as well as the account notification process have a valid email address to use.
Image 9: Entering a Security Email Address
Recovering Passwords via the Forgot Your Password Link
If a user is part of a school or district which has Password Reset functionality enabled, they may recover their password using the Forgot Your Password? link (see Image 10).
If the school or district does not have Password Reset functionality enabled, a message will appear informing users of the steps they must take to recover their password (often this means calling the school or district to correct the issue).
Image 10: Forgot Your Password Link
Once the Forgot Your Password? link is selected, enter your Campus username in the field below and click Continue (see Image 11). A message will appear, informing you to check your email (sent to your recovery email address).
It is critical that the Recovery Email address established in the Account Settings tool is valid. Users with an invalid email address will be unable to finish the password recovery process. The recovery email address is established during the initial setting of preferences as well as managed on the Account Settings tool (for Campus users) or Account Management (for Portal users).
Image 11: Entering Your User Name
Open the email and select the unique URL provided (Image 12). This will direct you to an editor where you can enter and save a new Campus account password.
Image 12: Example of an Email Containing a Unique Password Reset URL
Enter a New Password (ensuring the password is considered strong), Re-enter the Password, and click the Save button (Image 13).
Image 13: Entering a New Campus Password
Once a new password has been entered and saved, you will receive and email informing you of this change. This email is a safety precaution to ensure you are made aware your password has been changed in case it was changed without your knowledge or consent.
Image 14: Email Notification of a Changed Password
Recovering Usernames via the Forgot Your Username Link
If a user is part of a school or district which has Password Reset functionality enabled, they may recover their username using the Forgot Your Username? link (Image 15).
Users can request their forgotten username up to five times per day. On the sixth try, the user will be locked out of their account and will need to wait until the next day to try again.
Image 15: Recovering a Forgotten Username
Once the Forgot Your Username? link is selected, enter your Recovery Email address and click the Continue button (Image 16).
Image 16: Entering the Recovery Email Address
Once Continue has been selected, a message will appear, informing you to check your email (Image 17).
Image 17: Notification to Check Recovery Email
You will receive an email informing you of your current Campus username (Image 18).
If you do not receive an email from Campus, try selecting the Try Again button on the Campus login screen (Image 17).
Image 18: Example of a Username Recovery Email
User Incorrectly Attempts to Log Into Campus Multiple Times
Users who incorrectly log into their account multiple times will be required to enter a CAPTCHA each time they attempt to log in. This feature prevents users from being locked out of their account after several failed login attempts and protects accounts from malicious bots and scripts.
The type of captcha displayed is dictated based on the captcha settings established in the Login Security Settings tool.
CAPTCHA functionality enforces case sensitivity for all letters other than C, O, P, S, U, V, W, X and Z.
The audio challenge option for Google reCaptcha does NOT work properly within Microsoft Explorer and Edge web browsers.
Below is an example of each available captcha:
|Campus Captcha||Google reCaptcha|
Enabling Login Alert Notification Emails
In an effort to increase security and Campus account awareness, the Login Security Settings tool allows users to enable login notification and verification code emails to alert users when someone logs into Campus using their account from an unknown device.
For more information about this functionality, please see the following:
The image below (Image 20) is an example of a user setting up their Account Security Email and determining if Campus should remember the device for future logins.
Image 20: Establishing a Trusted Device
Below is an example of an email users will receive if someone logs into their account from an unknown device (Image 21).
Image 21: Login Notification Email