Configuration in Authentication Web
The First Day Password settings as well as the necessary notifications can be configured in Authentication Web.
- In the left navigation, click on First Day Password.
- In the Settings tab, configure whether users can continue with enrollment after setting their first password and whether the First Day Password can be accessed through the uReset page.
- Enable enrollment: allows users to continue to enrollment after setting their initial password, to enroll with any other ID services that the organization has configured in their uReset policy..
- Allow First Day Password from uReset: allows user to access First Day Password from the uReset page.
- Click Save.
- Click on the Notifications tab. Here you can configure the notifications associated with First Day Password. These notifications can be sent either as an email or as a text message.
- Click New to create a new notification.
- In the Event drop-down, choose which notification you want to create:
- First Day Password invite: the invitation sent to the new user containing the First Day Password link.
- First Day Password Complete: the notification sent to confirm the completion of the First Day Password process.
As with other uReset notifications, these notifications make use of placeholders, such as %UserEmail% and %UserFirstName%, to dynamically populate the notification with information.
- Configure the notification.
The invitation notification should contain the First Day Password URL (placeholder %OnboardingUrl%) in order to for the new user to be able to access the First Day Password web page.
If no URL is provided, users can only access the First Day Password web page by clicking the reset password link on the login screen of a company-issued computer.
Lors de l’utilisation du bouton Insérer un lien dans le ruban, l’espace réservé pour l’URL dans le champ Vers quelle URL ce lien doit-il rediriger ?, assurez-vous de décocher la case Utiliser le protocole par défaut. Si elle n’est pas décochée, le lien qui en résulte ne fonctionnera pas, en raison de la répétition du "http://" avant le lien. - Click Save.
Initialization and scheduling
First Day Password is a Powershell-based feature. There are three commands associated with First Day Password.
Command: Get-SAOnboarding
Retrieves all users with an active First Day Password.
Command: Set-SAOnboarding -Username [username]
This command marks the user as ready for First Day Password. It takes the following parameters:
Parameter | Description |
---|---|
-UserMobile | The mobile number of the new user. This is the phone number where the user will receive the mobile code to authenticate with. This parameter is optional.
Although this parameter is optional, either -UserMobile or -PersonalEmail needs to be included for the user to be able to authenticate with First Day Password, unless the user is enrolled in other ways, for example:
This parameter requires that the mobile number included starts with an international prefix, followed by the country code. The only international prefix allowed here is "+". Other prefixes, such as 00, 011 or others cannot be used. Thus, for example, the following notation is allowed (example for Swedish mobile number): +46706123456 or +460706123456. If the interational prefix is omitted, a warning message is displayed. |
-PersonalEmail | The personal email address of the new user. This email address will be used to send the authentication link to. This parameter is optional (see note under -PersonalMobilePhone for instances where this parameter can be omitted). |
-FromDate | The date on which the invitation link will be sent out. This is an optional parameter. If no date has been entered, it defaults to today's date. Invitation notofications are always sent at the next User Counting. |
-ValidNumberOfDays | States the number of days the First Day Password link should be valid for. Default is 20 days. |
Command: Remove-SAOnboarding -Username [username]
This command removed the user from First Day Password.
Enabling and disabling user First Day Password
Under User counting you can configure whether or not First Day Password invitation notifications are sent out at the next User Counting.
- In the left navigation, click on User Counting.
- Mark the checkbox for Send First Day Password welcome email when the scheduled counting is complete (default is checked).
- You can also manually start a USer Counting and send invites as soon as this counting completes. Check the box for Send First Day Password welcome email when the counting is complete under Start a new user count.
This option only appears if at least one invite notification has been configured.
Customization
Some of the texts on the First Day Password web pages can be cutomized to suit your organization's tone.
Text | Default | Description |
---|---|---|
First Day Password start page title | First Day Password | Title for the First Day Password landing page |
First Day Password start page description | Welcome to First Day Password... | Description for the First Day Password landing page |
Invalid First Day Password URL message | The First Day Password link has expired or is invalid | Information to end user when the link has expired or is invalid |
Not eligible for First Day Password | You are not eligible for First Day Password | For example if user was not marked for First Day Password. |
Password Reset Information | Error message when a user is not eligible for First Day Password after signing in | Information message on the password reset page during First Day Password |