Configuration in Authentication Web
The First Day Password settings as well as the necessary notifications can be configured in Authentication Web.
- In the left navigation, click on First Day Password.
- In the Settings tab, configure whether users can continue with enrollment after setting their first password and whether the First Day Password can be accessed through the uReset page.
- Enable enrollment: allows users to continue to enrollment after setting their initial password, to enroll with any other ID services that the organization has configured in their uReset policy.
- Allow First Day Password from uReset: allows users to access First Day Password from the uReset page.
- Click Save.
- Click on the Notifications tab. Here you can configure the notifications associated with First Day Password. These notifications can be sent either as an email or as a text message.
- Click New to create a new notification.
- In the Event drop-down, choose which notification you want to create:
- First Day Password invite: the invitation sent to the new user containing the First Day Password link.
- First Day Password Complete: the notification sent to confirm the completion of the First Day Password process.
- Configure the notification.
The invitation notification should contain the First Day Password URL (placeholder %FirstDayPasswordUrl%) so that the new user can access the First Day Password web page.
If no URL is provided, users can only access the First Day Password web page by clicking the reset password link on the login screen of a company-issued computer.
When using the Insert link button in the ribbon and putting the URL placeholder in the To what URL should this link go? field, make sure to uncheck the Use default protocol checkbox. If this is not unchecked, the resulting link will not work because of a repeated "http://" inserted before the link.
- Click Save.
Initialization and scheduling
First Day Password is a PowerShell-based feature. There are several commands associated with First Day Password.
Command: Get-SpecopsFirstDayPassword
Retrieves all users with an active First Day Password.
Example command
Get-SpecopsFirstDayPassword -Username serra.test1
Command: Set-SpecopsFirstDayPassword -Username [username]
This command marks the user as ready for First Day Password. It takes the following parameters:
Parameter | Description |
---|---|
-UserMobile | The mobile number of the new user. This is the phone number where the user will receive the mobile code to authenticate with. This parameter is optional.
Although this parameter is optional, either -UserMobile or -PersonalEmail needs to be included for the user to be able to authenticate with First Day Password, unless the user is enrolled in other ways, for example:
This parameter requires that the mobile number included starts with an international prefix, followed by the country code. The only international prefix allowed here is "+". Other prefixes, such as 00, 011 or others, cannot be used. Thus, for example, the following notation is allowed (example for Swedish mobile number): +46706123456 or +460706123456. If the international prefix is omitted, a warning message is displayed. |
-PersonalEmail | The personal email address of the new user. This email address will be used to send the authentication link to. This parameter is optional (see note under -PersonalMobilePhone for instances where this parameter can be omitted). |
-FromDate | The date on which the invitation link will be sent out. This is an optional parameter. If no date has been entered, it defaults to today's date. Invitation notifications are always sent at the next User Counting. |
-ValidNumberOfDays | States the number of days the First Day Password link should be valid for. Default is 20 days. |
Example command
Set-SpecopsFirstDayPassword -Username sierra.test1 -PersonalEmail specops.test1@gmail.com -UserMobile +12155550123 -FromDate "05/09/2024 06:00" -ValidNumberOfDays 3
Command: Send-SpecopsFirstDayPasswordNotification [username]
This command sends the First Day Password immediately, in case it needs to be sent without waiting for the next User Counting. Note that this cmdlet can only be used for users who have already been flagged for First Day Password.
It takes the following parameter:
Parameter | Description |
---|---|
username | Note that multiple usernames can be entered, comma-separated. |
Example command
Send-SpecopsFirstDayPasswordNotification serra.test1
Command: Remove-SpecopsFirstDayPassword -Username [username]
This command removes the user from First Day Password.
Example command
Remove-SpecopsFirstDayPassword -Username serra.test1
For more information on using the Cmdlets associated with First Day Password, including bulk user enrollment, please refer to this blog post.
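The following PowerShell sketch is an added example, not code from Specops or from the blog post mentioned above. It checks the contact details of a batch of new users against the rules in the parameter table before calling Set-SpecopsFirstDayPassword. The CSV columns, sample usernames and the $DryRun switch are constructed for illustration; only the cmdlet name and its parameters come from this page.

```powershell
# Constructed sample input: one row per new user.
$newHires = @'
Username,UserMobile,PersonalEmail
sample.user1,+46706123456,sample.user1@example.com
sample.user2,0046706123456,
sample.user3,,sample.user3@example.com
sample.user4,,
'@ | ConvertFrom-Csv

# Hypothetical switch: set to $false only on a host where the Specops cmdlets are available.
$DryRun = $true
# Shorter than the 20-day default, so an unused invitation link expires sooner.
$validDays = 3

foreach ($u in $newHires) {
    $params = @{ Username = $u.Username; ValidNumberOfDays = $validDays }

    if ($u.UserMobile) {
        # The page allows only "+" as international prefix (not 00, 011, ...).
        # Assumption of this example: digits only after the "+".
        if ($u.UserMobile -match '^\+[0-9]+$') {
            $params.UserMobile = $u.UserMobile
        } else {
            Write-Warning "$($u.Username): mobile '$($u.UserMobile)' lacks the '+' prefix, ignoring it"
        }
    }
    if ($u.PersonalEmail) { $params.PersonalEmail = $u.PersonalEmail }

    # Per the page, a mobile number or personal email is needed unless the user is
    # enrolled in other ways; this example leaves such rows for manual review.
    if (-not ($params.ContainsKey('UserMobile') -or $params.ContainsKey('PersonalEmail'))) {
        Write-Warning "$($u.Username): no usable mobile or personal email, not flagged"
        continue
    }

    if ($DryRun) {
        $argText = ($params.GetEnumerator() | ForEach-Object { "-$($_.Key) $($_.Value)" }) -join ' '
        Write-Output "Would run: Set-SpecopsFirstDayPassword $argText"
    } else {
        Set-SpecopsFirstDayPassword @params
    }
}
```

With the constructed rows above, sample.user1 and sample.user3 are flagged, while sample.user2 (00 prefix, no email) and sample.user4 (no contact details) produce warnings and are skipped.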
Enabling and disabling user First Day Password
Under User counting you can configure whether or not First Day Password invitation notifications are sent out at the next User Counting.
- In the left navigation, click on User Counting.
- Mark the checkbox for Send First Day Password welcome email when the scheduled counting is complete (default is checked).
- You can also manually start a User Counting and send invites as soon as this counting completes. Check the box for Send First Day Password welcome email when the counting is complete under Start a new user count.
This option only appears if at least one invite notification has been configured.
Customization
Some of the texts on the First Day Password web pages can be customized to suit your organization's tone.
Text | Default | Description |
---|---|---|
First Day Password start page title | First Day Password | Title for the First Day Password landing page |
First Day Password start page description | Welcome to First Day Password... | Description for the First Day Password landing page |
Invalid First Day Password URL message | The First Day Password link has expired or is invalid | Information to end user when the link has expired or is invalid |
Not eligible for First Day Password | You are not eligible for First Day Password | For example if user was not marked for First Day Password. |
Password Reset Information | Error message when a user is not eligible for First Day Password after signing in | Information message on the password reset page during First Day Password |