
How to set up password rules in HIFIS

Hi there. This is Ali Ryder from ACRE Consulting, and this is a training video about setting up your password settings in HIFIS. Now, unfortunately, there are sort of two halves to setting up your password settings. The first half is done by your database administrator or your IT support, and they actually need to modify the config file that is on your server.
So this is not something that the HIFIS administrator like you can do. But once it has been set up and configured, then in the application settings, so that's Administration, Application Settings, on the Settings tab, then there are some areas where you can make some changes related to the password settings in HIFIS. So one thing that you can do is specify a password age limit. So if it's set to 0, that means there is no limit.
But if you set it to something else like 30 days or 90 days, then what happens is every 30 or 90 days, whatever you set, the users will be prompted to set a new password in HIFIS. Now, just for full disclosure, at the time that I'm recording this, there's nothing in force to actually make sure it is a new password. So they're just prompted to create a password and save it, but it could be the same one again. So it's not the most secure of features. But that's what the password age limit does.
Now, this is something that you set up on your own as the HIFIS administrator, and your IT, your database administrator, does not need to do anything with that. However, the password complexity is where your DBA comes in. So there is something in the web config file where they need to activate certain password requirements. So for example, if you said needs to have at least a number and 1 non-alphanumeric character and it needs to be at least 8 characters long, then your DBA will need to set that, those rules up, but you can provide a message here and that is your help message to users if they try to create a password that does not meet the complexity requirements. So you could change this default text to say minimum of 8 characters and include 1 number and 1 non-alphanumeric character.
So this is where you tell your users what the password rules are, but your DBA needs to actually set up those rules. The last setting on this screen that's relevant is this email link expiry. So when a user forgets their password, they can click on the forgot password button, and it'll send them an automatically generated link that will allow them to create a new password. This is also done on user account setup.
So when the user account is brand new, an email will get sent out to the user prompting them to set up a password. It'll contain a link and that link will expire after a certain amount of time. Here is where you can indicate how long before it expires. Now the default value here is 1, so they have 24 hours before the link stops working, which is a really good safety feature.
But if we're talking about the immediate launch, it may be a good idea to temporarily increase this value when you're trying to onboard a lot of staff. And maybe not everyone is working on the same day, but you send out a bunch of emails on Monday. Some people might not get the email until Tuesday or Thursday. And so it may be temporarily a good idea to increase this to, oh, a value up to 4. That's the maximum.
I did not know that. I'm just learning it with you. Anyways, so this is your email link expiry that has to do with resetting passwords and setting passwords for new accounts. Don't forget to save all of this. And then you have now set up most of your password settings in HIFIS.

There are two distinct places where some values can be changed:

Front-End

This can be configured by a HIFIS Administrator. If that describes you, here are the instructions you’ll need:

  1. Using the Administration Menu, click on Application Settings.

  2. In the Password Age Limit (days) field, enter the number of days after which users are prompted to change their password, or leave the field blank for no prompt.

  3. In the Email link expiry (days) field, enter the number of days a password recovery email link is valid for before it expires. In other words, when a user clicks the “Forgot Password” button and is emailed a new password, how long do they have to click the link in their email before the link expires?

  4. In the Password Complexity Help Message field, add in some text for users to let them know what the password complexity requirements are. However, you are just providing a message here; a DBA must modify the web.config file on your server to actually change the password complexity rules.

Back-End

This can be configured by your Database Administrator (DBA), or someone with access to make changes directly on the server. If that describes you, here are the instructions to modify these settings:

  1. Locate your Domain\web.config file (located in the Domain folder)

  2. Search for the string StandardMembershipProvider. The matching element should look something like this:

        <membership defaultProvider="StandardMembershipProvider">
          <providers>
            <add name="StandardMembershipProvider"
                 type="System.Web.Security.SqlMembershipProvider"
                 connectionStringName="ApplicationServices"
                 enablePasswordRetrieval="false"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="false"
                 requiresUniqueEmail="false"
                 maxInvalidPasswordAttempts="5"
                 minRequiredPasswordLength="6"
                 minRequiredNonalphanumericCharacters="0"
                 passwordAttemptWindow="10"
                 applicationName="/" />
          </providers>
        </membership>

  3. Replace the values you would like to change. In particular, the minRequiredPasswordLength and minRequiredNonalphanumericCharacters are likely the values you’ll be changing first!
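
Because the help message and the enforced rules are configured in two different places, they can drift apart. The following is an added example, not part of the original lesson or of HIFIS: a Python check that reads the provider element from a web.config and lists where it is weaker than the policy quoted in the lesson's help-message example. The names `load_rules`, `accepts`, `audit` and `POLICY` are hypothetical; `passwordStrengthRegularExpression` is a standard SqlMembershipProvider attribute that this page does not mention, and whether HIFIS honours it is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <add> element shown on this page (password-related
# attributes only), inside the usual <configuration>/<system.web> parents.
SAMPLE_WEB_CONFIG = """<configuration><system.web>
<membership defaultProvider="StandardMembershipProvider"><providers>
  <add name="StandardMembershipProvider"
       type="System.Web.Security.SqlMembershipProvider"
       minRequiredPasswordLength="6"
       minRequiredNonalphanumericCharacters="0" />
</providers></membership></system.web></configuration>"""

# Policy from the lesson's help-message example:
# minimum 8 characters, 1 number, 1 non-alphanumeric character.
POLICY = {"min_length": 8, "min_nonalnum": 1, "needs_digit": True}

def load_rules(xml_text, provider="StandardMembershipProvider"):
    """Return the password rules configured for the named provider."""
    for el in ET.fromstring(xml_text).iter():
        # Ignore any XML namespace prefix on the tag name.
        if el.tag.rsplit("}", 1)[-1] == "add" and el.get("name") == provider:
            return {  # fallbacks: SqlMembershipProvider defaults if omitted
                "min_length": int(el.get("minRequiredPasswordLength", 7)),
                "min_nonalnum": int(
                    el.get("minRequiredNonalphanumericCharacters", 1)),
                "regex": el.get("passwordStrengthRegularExpression", ""),
            }
    raise LookupError(f"provider {provider!r} not found")

def accepts(rules, password):
    """Approximate the provider's checks for one candidate password."""
    if len(password) < rules["min_length"]:
        return False
    if sum(not c.isalnum() for c in password) < rules["min_nonalnum"]:
        return False
    return not rules["regex"] or bool(re.search(rules["regex"], password))

def audit(rules, policy=POLICY):
    """List where the enforced rules fall short of the advertised policy."""
    gaps = []
    if rules["min_length"] < policy["min_length"]:
        gaps.append("minRequiredPasswordLength below policy")
    if rules["min_nonalnum"] < policy["min_nonalnum"]:
        gaps.append("minRequiredNonalphanumericCharacters below policy")
    if policy["needs_digit"] and not rules["regex"]:
        # Length and symbol counts cannot require a digit; only a regex can.
        gaps.append("no passwordStrengthRegularExpression, digit not enforced")
    return gaps

if __name__ == "__main__":
    print(audit(load_rules(SAMPLE_WEB_CONFIG)))
```

With the values shown on this page, all three gaps are reported and a six-letter password with no digit or symbol is accepted, whatever the help message says.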