Transcript

0:00

Hi there. This is Ali Ryder from ACRE Consulting, and this is a training video about setting up your password settings in HIFIS. Now, unfortunately, there are sort of 2 halves to setting up your password settings. The first half is done by your database administrator ACRE your IT support, and they actually need to modify the config files that are on your server. So this is not something that the HIFIS administrator like you can do.

0:33

But once it has been set up and configured, then in the application settings, so that's administration, application Consulting, on the settings tab, then there is some area where you can ACRE some changes related to the password settings in HIFIS. So one thing that you can do is specify a password age limit. So if it's set to 0 that means there is no limit but if you set it to something else like 30 days or 90 days then what happens is every 30 or 90 days, whatever you set, the users will be prompted to set a new password in HIFIS. Now just for full disclosure, at the time that I'm recording this, there's nothing in force to actually make sure it is a new password. So they're just prompted to to create a password and save it, but it could be the same one again.

1:35

So it's not the most secure of features, but that's what the password age limit does. Now this is something that you set up on your own as the HIFIS administrator ACRE your IT, your database administrator, does not need to do anything with that. However, the password complexity is where your DBA comes in. So there is something in the web config file where they need to activate certain password requirements. So for example, if you said needs to have at least a number and one non alphanumeric character and it needs to be at least 8 characters long, then your DBA will need to set that those rules up.

2:19

But you can provide a message here, and that is your help message to users if they try to create a password that does not meet the complexity requirements. So you could change this default text to say minimum of 8 characters and include one number and one non alphanumeric character. So this is where you tell your users what the password rules are but your DBA needs to actually set up those rules. And the last setting on this screen that's relevant is this email link expiry. So when a user forgets their password, they can click on the forgot password button, and it'll send them an automatically generated link that will allow them to create a new password.

3:13

This is also done on user account setup. So when the user account is brand new, an email will get sent out to the user prompting them to set up a password. It'll contain a link, and that link will expire after a certain amount of time. Here is where you can indicate how long before it expires. Now the default value here is 1, so they have 24 hours before the link stops working, which is a really good safety feature.

3:46

But if we're talking about the immediate launch, it may be a good idea to temporarily increase this value, when you're trying to onboard a lot of staff. And maybe not everyone is working on the same day, but you send out a bunch of emails on Monday. Some people might not get the email until Tuesday or Thursday. And so it may be temporarily a good idea to increase this to, oh, a value up to 4. That's the maximum.

4:18

I did not know that. I'm just learning it with you. Anyways, so this is your email link expiry that has to do with resetting passwords and setting passwords for new accounts. Don't forget to save all of this, and then you have now set up most of your password settings in HIFIS.

HIFIS System Administrator Training

🌁 Service Providers and Clusters

🔐 User Rights and Accounts

🏷️ Programs

📊 Reports

💫 Coordinated Access

🛏️ Rooms and Beds

🏠 Housing Unit Inventory

🎫 Service Inventories

⌛ Waiting Lists

🔍 Lookup Tables

👩🏾‍⚕️ People & Places

📝 Custom Forms

Some miscellaneous application settings

👩‍💻 Administration

Mark as complete

HIFIS System Administrator Training ⚙️ Settings

How to set up password rules in HIFIS

There are two distinct places where some values can be changed:

Front-End

This can be configured by a HIFIS Administrator. If that describes you, here are the instructions you’ll need:

Using the Administration Menu, click on Application Settings.
In the Password Age Limit (days) field, enter the number of days after which users are prompted to change their password, or leave the field blank for no prompt.
In the Email link expiry (days) field, enter the number of days a password recovery email link is valid for before it expires. In other words, when a user clicks the “Forgot Password” button and is emailed a new password, how long do they have to click the link in their email before the link expires?
In the Password Complexity Help Message field, add in some text for users to let them know what the password complexity requirements are. However, you are just providing a message here; a DBA must modify the web.config file on your server to actually change the password complexity rules.

Back-End

This can be configured by your Database Administrator (DBA), or someone with access to make changes directly on the server. If that describes you, here are the instructions to modify these settings:

Locate your Domain\web.config file (located in the Domain folder)
Search for the string StandardMembershipProvider. The matching element should look something like this:
<membership defaultProvider="StandardMembershipProvider"> <providers> <add name="StandardMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" /> </providers> </membership>
Replace the values you would like to change. In particular, the minRequiredPasswordLength and minRequiredNonalphanumericCharacters are likely the values you’ll be changing first!

Get access now Already have access? Please login.

ACRE Consulting Academy

HIFIS System Administrator Training

🌁 Service Providers and Clusters

How to set up a cluster

How to merge clusters together

🔐 User Rights and Accounts

Introduction to the user list

How to create a user account

How to reset another user's password

How to unlock a locked user account

How to set up rights templates

The five basic HIFIS 4 rights

🏷️ Programs

How to set up and administer programs

📊 Reports

How to manage reports

How to upload a custom report

How to deploy new reports from the marketplace

💫 Coordinated Access

Understanding the coordinated access module

🛏️ Rooms and Beds

How to set up rooms for the Admissions module

How to set up shelter beds

How to put beds into and out of service

🏠 Housing Unit Inventory

Understanding the housing unit inventory

How to add a housing unit to the inventory

🎫 Service Inventories

How to set up your food bank inventory

How to set up express goods templates

How to set up express service templates

⌛ Waiting Lists

How to set up waiting lists

🔍 Lookup Tables

How to manage options in drop-down menus

👩🏾‍⚕️ People & Places

How to add and manage non-client, non-user people

How to add and manage places

📝 Custom Forms

How to create and use questionnaires (surveys)

How to manage custom tables

How to change the name of the custom tables tab

⚙️ Settings

How to change consent settings

How to set up attestation

Setting up your inactivity policy settings

How to change housing history settings for a cluster

What does the "enable sharing" option do

How to change the data sharing settings related to client management

How to set up your geographic region mapping

How to let youth also be family heads

How to set up demographic visibility settings for your service provider

How to set up password rules in HIFIS

How to set mandatory and disabled fields

What is a housing continuum and how do I edit it?

Some miscellaneous application settings

👩‍💻 Administration

How to use the HIFIS audit log

How to delete a service record from a client file

How to merge two client files

How to broadcast system-wide messages

Next lesson

How to set mandatory and disabled fields

How to set up password rules in HIFIS

Front-End

Back-End