Overview
Version
FineBI Version | Functional Change |
6.0 | / |
Application Scenarios
For security reasons, users want to reset their passwords only after authentification (like SMS verification or email verification) when they forget their passwords.
Because many users set simple passwords for login convenience, they hope that the platform can remind them to update their passwords regularly.
For enterprises with higher security levels, there are requirements for the complexity of user passwords (such as the inclusion of uppercase letters and symbols).
For security reasons, users do not want their current passwords to be the same as previous ones.
Because passwords in the datasets of a server are simple, admins (for security reasons) hope that users can be forced to change their passwords upon initial login when importing or synchronizing users.
For security reasons, platform users hope to reset the passwords only after a certain of identity verification (like phone verification or email verification).
Functions
For users who have high security requirements for the platform password system, the admin can set requirements and restrictions for user passwords to enhance platform security under Management System > System Setting > Login > Password Policy Setting.
Effective Condition
For users who cannot change their passwords in this system, the password policy function does not take effect.
Verification Methods for Forgetting Passwords
Log in to the FineBI system as the admin, choose System Management > System Setting > Login > Password Policy Setting, and set the verification methods for forgetting passwords.
The function Forget Password is described in the following table.
Note:Changing Passwords Through SMS AUTH Reset PWD | Changing Passwords Through Email AUTH Reset PWD | Forget Password Function |
Not enabled | Not enabled | Cannot be used |
Enable one of them | Can be used | |
Enabled | Enabled | Can be used (SMS AUTH Reset PSW is selected by default and you can change verification methods as needed.) |
Changing Passwords Through SMS AUTH Reset PWD
SMS Sender
SMS cannot be sent without a sender. The sender in each data-decision system is unique and only needs to be set once.
Log in to the data-decision system as the admin, choose System Management > System Setting > SMS, enable Use SMS Platform, and log in through a FanRuan passport account that has opened SMS service.
SMS Recipient
SMS cannot be sent without a recipient.
Therefore, you have to bind your phone number under User Management > All Users of the data-decision system (otherwise SMS cannot be sent successfully) if using SMS AUTH Reset PSW.
Note:Phone numbers from China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia can be bound.
There is no need to add the number 0 before the phone number or the area code when you make phone calls with people in regions like Taiwan (China) and countries like South Korea, Japan, and Malaysia.
Enabling SMS AUTH Reset PWD
Log in to the FineBI system as the admin and choose System Management > System Setting > Login > Password Policy Setting to enable SMS AUTH Reset PWD.
Demonstration
Note:1. If you enter a phone number which is not bound, a prompt pops up: Account not found.
2. If you do not receive the verification code (no error reported at the same time), you can check whether the SMS account balance is sufficient.
Log out the current account. There is a Forgot Password button. Click it as shown in the figure below.
An identity verification dialog pops up. Enter the phone number and verification code, and click OK.
Enter the new password and click Save.
A prompt pops up: Modify password successfully. Click Log in now or wait for automatic login.
Changing Passwords Through Email AUTH Reset PWD
Email Sender
Email cannot be sent without a sender.
Log into FineBI as the admin, choose System Management > System Setting > Mailbox, click Add Sender, configure the sender account, and click OK.
In setting a scheduled task, The default sender of the system is selected in Sender (allow selecting other senders from the drop-down list if any).
Note:1. The configuration steps may vary based on the type of the sender's email. For details, see Mailbox.
2. After configuration, click Send Test Mail to ensure that the mailbox is available.
Email Recipient
Email cannot be sent without a recipient.
Therefore, you have to bind your mailbox under User Management > All Users of the data-decision system (otherwise emial cannot be sent successfully) if using Email AUTH Reset PWD.
Enabling Email AUTH Reset PWD
Log in to the FineBI system as the admin, choose System Management > System Setting > Login > Password Policy Setting to enable Email AUTH Reset PWD. ..
Demonstration
Note:Log out the current account. There is a Forgot Password button. Click it as shown in the figure below.
An identity verification dialog pops up. Enter the mailbox and verification code, and click OK.
Enter the new password and click Save.
A prompt pops up: Modify password successfully. Click Log in now or wait for automatic login.
Password Update Notice
Enable Password Update Notice to customize the setting of Update Cycle and reminder date.
The functions of Password Update Notice is described as follows:
Update Cycle: enter a certain days manually or select fixed days from the drop-down list (at least seven days). The options in the drop-down list are displayed in days (one month = 30 days).
If the days set in Update Cycle is less than or equal to the reminder days, the reminder days will be set to 3 days by default.
The new and old passwords cannot be the same.
This function is supported on mobile terminal.
After Password Update Notice is enabled, the system will automatically determine whether the update date is going to be reached when users log in to the data-decision system. When the N days before the update date is reached, the system will send a platform message to the users: Current password will expire in N days, please change yoour password as soon as possible.
Password Limit
Enable Password Limit to customize the password strength.
The functions of Password Limit are described as follows.
The password strength limit also takes effect when you change passwords in Account Setting.
Any password modification in the system needs to meet the password strength limit.
When you log in to the platform, the system detects the password strength. If your current password does not meet the requirements, the system will redirect to the password modification page.
Username is not case-sensitive. For example, if you tick No Username, you cannot set any form (like ADMIN, Admin, and adMIN) of your username admin in your password.
This function is supported on mobile terminal.
The password modification is successful until you enter a new password that meets the strength limit. Then click OK.
Password Check
If you enable Password Check (disable by default), you are forbidden to use all previous used passwords.
The functions of Password Check are as follows.
The value of Disabled N should be greater than 1 and less than 10.
The current passwords are not recorded in historical passwords.
If the admin reset users' passwords (not cleared up), the passwords will be included in historical passwords.
This function is supported on mobile terminal.
If Password Check is enabled, you may trigger off it when changing passwords with a prompt Cannot use historical password.
Forced Password Change
If Forced Password Change is enabled (disabled by default), you will be prompted to change your password in first login after initializing or reseting the password. ..
Note:
If you log in to the system through the initial password, the prompt is as follows.
Authentication
If rules like Forbid Repeated Login with Same Account in Single Login, Password Update Notice, Password Limit, and Forced Password Change are triggered when you enter the correct username and password in the login page, you have to change your password.
If Authentication is enabled, you have to pass the identity verification (SMS or Email) before changing passwords in the login page.
The functions of Authentication are as follows.
If both two authentication methods are enabled and phone number and mailbox are bound, SMS is used by default.
You cannot change the password (if needed) and log in to the system successfully until you pass the selected authentication method.
There is no verification when you change the password in Account Setting.
Only SMS is supported on mobile terminal.
SMS
SMS Sender
SMS cannot be sent without a sender. The sender in each data-decision system is unique and only needs to be set once.
Log in to the data-decision system as the admin, choose System Management > System Setting > SMS, enable Use SMS Platform, and log in through a FanRuan passport account that has opened SMS service.
SMS Recipient
SMS cannot be sent without a recipient.
Therefore, you have to bind your phone number under User Management > All Users of the data-decision system (otherwise SMS cannot be sent successfully) if using SMS.
Note:Phone numbers from China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia can be bound.
There is no need to add the number 0 before the phone number or the area code when you make phone calls with people in regions like Taiwan (China) and countries like South Korea, Japan, and Malaysia.
Enabling SMS
Log in to the FineBI system as the admin, choose System Management > System Setting > Login > Authentication to enable SMS.
Identification
The identification is as follows when you change the password.
Email Sender
Email cannot be sent without a sender.
Log into FineBI as the admin, choose System Management > System Setting > Mailbox, click Add Sender, configure the sender account, and click OK.
In setting a scheduled task, The default sender of the system is selected in Sender (allow selecting other senders from the drop-down list if any).
Note:1. The configuration steps may vary based on the type of the sender's email. For details, see Mailbox.
2. After configuration, click Send Test Mail to ensure that the mailbox is available.
Email Recipient
Email cannot be sent without a recipient.
Therefore, you have to bind your mailbox under User Management > All Users of the data-decision system (otherwise email cannot be sent successfully) if using Email.
Enabling Email
Log in to the FineBI system, choose System Management > System Setting > Login > Authentication to enable Email.
Identification
The identification is as follows when you change the password.
Notes
If rules like Forbid Repeated Login with Same Account in Single Login, Password Update Notice, Password Limit, and Forced Password Change are triggered, you have to change your password.
If Authentication is disabled, you need to enter your previous password as the verification when changing the password.
1. You only have five chances to enter the correct previous password. If the entered password is wrong, a prompt pops up: The old password is wrong. It will be locked after entering the wrong one for 4 times.
2. If the previous password is entered incorrectly after five times:
Common User
A prompt pops up: Input incorrect passwords for too many times. Please re-try in 15 minutes or contact administrators.
After the super admin helps common users change their passwords, the users can log in to the system through new passwords.
Super Admin
A prompt pops up: Input incorrect passwords for too many times. Please re-try in 15 minutes.
After being locked, the super admin can retry in 15 minutes later or log in to the system through the reset password.
