Managing password notification tickets

Password notification tickets

Password notification tickets are generated when the Domain administrator creates a new user account and checks the Email containing password ticket checkbox or when the user requests one by clicking on the New password button on the Login page. Password notification tickets remove the complexity of assigning passwords to each new user or to users who have forgotten their password from the Domain admin. They can also remove the security concerns of sending passwords through email in plain text

Once a password notification ticket is generated it remains valid until one of the following criteria has been met:

If there are any password notification tickets outstanding a Outstanding password tickets link will appear in the left navigation menu on the Administration tab. Clicking the link will take you to the Outstanding password tickets page where you can manage the currently active password notification tickets.

Managing outstanding password notification tickets

The Outstanding password tickets page provides a list of all user accounts with outstanding password notification tickets. Each user account is presented with the account creation date, date of last modification and a drop down list that allows you to take action on the notification ticket associated with that user.

The username links to the Edit user page where you can validate the user's full name and email address. At this point you can invalidate the outstanding password notification ticket by assigning a password to the user. Alternatively, you may wish to contact the user to find out why they have not used the password notification ticket.
The list is sorted by the account creation date. As you manage the password notification tickets you may wish to address the oldest accounts first.
Last modified
The last date the user account was modified generally indicates when the password notification ticket was generated.
You can perform three actions on an outstanding password notification ticket: Defer action , Reissue ticket or Delete ticket. Select an action by selecting one of the options from the drop down list in line with a user account and clicking on the Process actions button. You can perform actions on multiple tickets simultaneously.
  • Defer: by default, all outstanding password notification tickets are deferred to the future. Selecting defer, in effect, changes nothing about the notification ticket. If you choose Defer for all the available password tickets and click the Process actions button a message indicating no action was taken will appear.
  • Reissue ticket: selecting this will reissue a password notification ticket to the user. The original password notification is no longer valid and the modification date for that user account will change on the Outstanding password tickets page.
  • Delete ticket: selecting this will delete the password ticket. A new password notification ticket will be issued if the user requests a new password on the Login page.

When and how you choose to manage outstanding password tickets is at your discretion. You can use the Outstanding password tickets page to identify users who may be experiencing problems logging in or have bad email addresses as well as to monitor any possible dead accounts on your system. If you suspect that you have dead accounts with outstanding password tickets, you may consider deleting the accounts from your site. Keep in mind, until a password notification ticket is deleted, it can be used at any time to access your site.

Password Ticket expiry

An Outstanding password ticket hyperlink is displayed in a Administration menu when no password has been set for the user. When you click the link it takes you to the Outstanding Password Tickets page which lists all the tickets that are open. In typically general circumstances, each open ticket entry is removed when the user sets a password. However, in certain cases, when a user does not set a password at all, the link is removed automatically after the lapse of a specified period of time. The expiration period applies to all outstanding tickets. This avoids unnecessary clutter in the Outstanding Passwords Tickets Page when outstanding password tickets don't get validated.

Initially all sites will have the password tickets expiration period disabled. Once you establish this policy of setting the time period for your site, then the password tickets will expire after the specified time period.

Note: Once you implement this policy in your domain, the configuration change will expire all the outstanding password tickets. You may wish to reissue all the outstanding password tickets prior to changing the policy, or they may wish to have users re-apply for accounts.

To set the time period for the expiration of the ticket:

  1. Log in as a domain administrator.
  2. Click the Administration tab and then the Domain link. The Configure <DomainName> page opens.
  3. Scroll down to the Password Security for Domain Users section. You can specify the expiry period in the field Password Ticket Expiry Period. This specifies the number of days a password ticket is valid. If you set this to 0, the tickets will never expire. The expiry period can be specified for both admin and non-admin users separately.

An email is sent to the user asking the user to set a password at the time when the user account is created if no password is set at the time of the user account creation. An email is also sent if the user requests a new password. This email carries the URL the user needs to click to set the password. Once the expiry time period has been determined, this email will carry the date until which the URL is valid. This depends on the expiry time period set. For example, if you have set the expiry time period to 10 days and you open a user account on January 1st 2005 at 10. a.m., the email sent to the user requesting a password be set for the account will read "The above URL is valid only until January 10, 2005 10:00:00 AM GMT" in the time format that has been set by the host administrator.

Note: -The email will not have the validity date if the expiry option is disabled (set to 0).