...
Feature for allowing customers to choose their own password is available starting from version 3.5.0. YC versions Platform versions prior this will only have automatic password management capabilities.
...
- Business users receive password in the account registration email (This password is temporary and will force password reset on first login in versions 3.5.0+)
- Business user can change their passwords using password change page (available in versions 3.5.0+)
- Business user with user management role can reset passwords for other users which will result in email with password being sent.
Automatic Password Management
Out of the box YC provides the platform provides automatic password management. This means that there is no option for customer or business user to change their password, they can only reset the password.
...
In versions 3.5.0+ the generated password is temporary, which means upon its use the business user will be promoted to choose another password.
User Controlled Password
...
ManagementLabel Body 3.5.0+
| Body | 3.5.0+ |
|---|
3.5.0+
Starting from version 3.5.0 password management can be setup to be fully controlled by business user thus providing flows to allow both customers and business users to change the password.
Customer
Allowing customers to choose passwords if fully controlled via shop's registration attributes that provide list of attributes that determine the contents of the registration form. These shop attributes have the following form SHOP_CREGATTRS_XXX where XXX represents customer type (e.g. SHOP_CREGATTRS_B2C, SHOP_CREGATTRS_B2G) and contain CUSTOMER type attribute definitions (effectively it is a per customer type list of attributes that need to be captured at registration). Out of the box there are two default attribute definitions password and confirmPassword, thus including them (e.g. SHOP_CREGATTRS_B2C=email,firstname,last name,password,confirmPassword) will result in password fields being available when customer registers. Note that the attribute code is not important but rather that attribute definition value, which is set to password and confirmPassword respectively. Therefore it is possible to create alternative attribute definitions and use them in SHOP_CREGATTRS_XXX as long as their values are correctly set. This allows for multi tenant server to define per shop password configurations (e.g. for different validation purposes).
...
For call centre initiated password resets there are two options. If shop attribute SHOP_CUSTOMER_PASSWORD_RESET_CC is set (which represents the business user customer password reset token) this will still trigger the auto generated password flow. Thus it is recommended to leave this value empty when this mode is enabled. Alternatively you can use a condition statement in email templates to distinguish between two types of password resets.
| Code Block | ||
|---|---|---|
| ||
<% if (additionalData.callCentrePasswordReset) { %>
Your new password is: <b>$password</b>
<% } %> |
...
| Tip |
|---|
| Note that link for reseting password is the same in both password management modes. Thus at the point of using the link YC the platform will check again the registration form configurations in order to establish of password fields are available for this type of customer. If not then auto generated password will be issued instead. |
Business user
The initial password management (i.e. for creating new user and for reseting their password) remained the same in the sense that business user will still receive an email with password specified. However since version 3.5.0+ this password is temporary (i.e. already expired) which forces business user to change the password on first login to the admin application.
...