Password management is tightly coupled to the user's email address, whether the user is a customer of a shop or a business user of the admin application. In both cases the user's login is an email address, and all password communication is sent directly to that address.
- Business users receive a password in the account registration email. (This password is temporary and will force a password reset on first login in versions 3.5.0+.)
- Business users can change their passwords using the password change page (available in versions 3.5.0+).
- A business user with the user management role can reset passwords for other users, which results in an email containing the password being sent.
Automatic Password Management
Out of the box, YC provides automatic password management. This means that there is no option for a customer or business user to change their password; they can only reset it.
As depicted in the diagram in the overview section, in automatic mode the customer receives their initial password when they register in the shop. The password is automatically generated and sent via email. The password can be included in email templates using the password variable.
Thereafter the customer has the option to reset their password from their account using the reset password button, which results in a password reset link being sent to their email. Alternatively, if they forgot their password, they can use the forgotten password form to trigger this email. If the shop does not provide forgotten password functionality, the customer has the option to contact the call centre, and a business user with access to customer accounts can trigger a password reset from the admin application. In versions 3.5.0+ the origin of the request can be established using additionalData.callCentrePasswordReset.
As the admin application is restricted to organisation users, password management there is somewhat simplified. Upon new user creation, business users receive an email with their password specified, in a similar way to customers. The password can be reset by business users with the user management role, which triggers an email with the new password.
In versions 3.5.0+ the generated password is temporary, which means that upon its use the business user will be prompted to choose another password.
User Controlled Password
Starting from version 3.5.0, password management can be set up to be fully controlled by the business user, thus providing flows that allow both customers and business users to change the password.
Note that the link for resetting the password is the same in both password management modes. Thus, at the point of using the link, YC checks the registration form configuration again in order to establish whether password fields are available for this type of customer. If not, an auto-generated password will be issued instead.
The initial password management (i.e. creating a new user and resetting their password) remains the same in the sense that the business user will still receive an email with the password specified. However, in versions 3.5.0+ this password is temporary (i.e. already expired), which forces the business user to change the password on first login to the admin application.
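The two behaviours described above (the mode check made when a reset link is used, and a temporary password stored as already expired) can be modelled as follows. This is an added example, not YC code: `Account`, `PASSWORD_FIELDS_ENABLED`, the customer type names and the PBKDF2 storage are all assumptions made for illustration.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample config (assumption): customer types whose registration
# form exposes password fields, i.e. user-controlled mode is enabled for them.
PASSWORD_FIELDS_ENABLED = {"B2C": True, "B2G": False}

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is this example's choice; the page does not say how YC stores passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    email: str
    customer_type: str
    salt: bytes = b""
    pw_hash: bytes = b""
    pw_expires_at: Optional[float] = None  # None means no forced change

def set_password(acct: Account, password: str, temporary: bool, now: float) -> None:
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _hash(password, acct.salt)
    # A temporary password is stored as already expired, so the first
    # successful login with it is forced into a password change.
    acct.pw_expires_at = now if temporary else None

def issue_generated_password(acct: Account, now: float, temporary: bool) -> str:
    password = secrets.token_urlsafe(12)
    set_password(acct, password, temporary, now)
    return password  # value for the password variable of the email template

def use_reset_link(acct: Account, chosen_password: Optional[str], now: float) -> Optional[str]:
    """The mode is decided when the link is used, not when it was sent."""
    allowed = PASSWORD_FIELDS_ENABLED.get(acct.customer_type, False)
    if allowed and chosen_password:
        set_password(acct, chosen_password, temporary=False, now=now)
        return None  # user chose the password, nothing to email
    return issue_generated_password(acct, now, temporary=False)

def login(acct: Account, password: str, now: float) -> str:
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        return "DENIED"
    if acct.pw_expires_at is not None and now >= acct.pw_expires_at:
        return "CHANGE_REQUIRED"
    return "OK"
```
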