...

The feature allowing customers to choose their own password is available starting from version 3.5.0. Platform versions prior to this only have automatic password management capabilities.

...

  • Business users receive their password in the account registration email (this password is temporary and will force a password reset on first login in versions 3.5.0+)
  • Business users can change their passwords using the password change page (available in versions 3.5.0+)
  • Business users with the user management role can reset passwords for other users, which results in an email with the password being sent.

 

Automatic Password Management

 

Out of the box the platform provides automatic password management. This means that there is no option for a customer or business user to change their password; they can only reset it.

Customer

 

As depicted in the diagram in the overview section, in automatic mode the customer receives their initial password when they register in the shop. The password is automatically generated and sent via email. The password can be included using the password variable in email templates.

Thereafter the customer can reset their password from their account using the reset password button, which results in a password reset link being sent to their email. Alternatively, if they forgot their password, they can use the forgotten password form to trigger this email. If the shop does not provide forgotten password functionality, the customer can contact the call centre, and a business user with access to customer accounts can trigger the password reset from the admin application. In version 3.5.0+ the origin of the request can be established using additionalData.callCentrePasswordReset.

Business user

 

As the admin application is restricted to organisation users, password management is somewhat simplified. Upon new user creation, business users receive an email with their password specified, in a similar way to customers. The password can be reset by business users with the user management role, which triggers an email with the new password.

In versions 3.5.0+ the generated password is temporary, which means that upon its use the business user will be prompted to choose another password.

User Controlled Password Management (3.5.0+)


Starting from version 3.5.0, password management can be set up to be fully controlled by the business user, thus providing flows that allow both customers and business users to change their password.

Customer

 

Allowing customers to choose passwords is fully controlled via the shop's registration attributes, which list the attributes that determine the contents of the registration form. These shop attributes have the form SHOP_CREGATTRS_XXX, where XXX represents the customer type (e.g. SHOP_CREGATTRS_B2C, SHOP_CREGATTRS_B2G), and contain CUSTOMER type attribute definitions (effectively a per customer type list of attributes that need to be captured at registration). Out of the box there are two default attribute definitions, password and confirmPassword, so including them (e.g. SHOP_CREGATTRS_B2C=email,firstname,lastname,password,confirmPassword) will result in password fields being available when the customer registers. Note that it is not the attribute code that matters but the attribute definition value, which is set to password and confirmPassword respectively. Therefore it is possible to create alternative attribute definitions and use them in SHOP_CREGATTRS_XXX as long as their values are correctly set. This allows a multi-tenant server to define per shop password configurations (e.g. for different validation purposes).

...

Tip
Note that the link for resetting the password is the same in both password management modes. Thus, at the point of using the link, the platform will check the registration form configuration again in order to establish if password fields are available for this type of customer. If not, an auto-generated password will be issued instead.
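
A configuration audit of the rule described above, as an added example (not the platform's own code): it reports, per customer type, whether registration and password reset will offer password fields or fall back to an emailed generated password. The dictionary layout, the alternative attribute codes and the B2B/B2E customer types are assumptions; a list containing only one of the two values is reported as incomplete because the page does not define that case.

```python
# Added illustration: models the rule described above; not the platform's code.
# The dict layout for shop attributes and attribute definitions is an assumption.

PREFIX = "SHOP_CREGATTRS_"
REQUIRED_VALUES = {"password", "confirmPassword"}


def password_modes(shop_attrs, attr_definitions):
    """Return {customer_type: mode} for every SHOP_CREGATTRS_XXX attribute.

    shop_attrs:        {"SHOP_CREGATTRS_B2C": "email,firstname,...", ...}
    attr_definitions:  {attribute code: attribute definition value}
    """
    modes = {}
    for key, csv in shop_attrs.items():
        if not key.startswith(PREFIX):
            continue  # unrelated shop attribute
        codes = [c.strip() for c in csv.split(",") if c.strip()]
        # The attribute code is irrelevant; only the definition value counts.
        values = {attr_definitions.get(code) for code in codes}
        found = REQUIRED_VALUES & values
        if found == REQUIRED_VALUES:
            mode = "user-controlled"  # password fields are shown
        elif not found:
            mode = "automatic"  # generated password is sent by email
        else:
            mode = "incomplete"  # not defined on the page: review manually
        modes[key[len(PREFIX):]] = mode
    return modes


# Constructed sample configuration for one shop (all values are made up).
SAMPLE_DEFINITIONS = {
    "email": None, "firstname": None, "lastname": None,
    "password": "password", "confirmPassword": "confirmPassword",
    "b2gPwd": "password", "b2gPwdConfirm": "confirmPassword",  # alternative codes
}
SAMPLE_SHOP = {
    "SHOP_CREGATTRS_B2C": "email,firstname,lastname,password,confirmPassword",
    "SHOP_CREGATTRS_B2G": "email, b2gPwd, b2gPwdConfirm",
    "SHOP_CREGATTRS_B2B": "email,firstname,lastname",
    "SHOP_CREGATTRS_B2E": "email,password",
    "SHOP_NAME": "demo",  # hypothetical unrelated attribute, ignored
}

if __name__ == "__main__":
    for ctype, mode in sorted(password_modes(SAMPLE_SHOP, SAMPLE_DEFINITIONS).items()):
        print(f"{ctype}: {mode}")
```

Customer types reported as automatic are the ones for which a reset link will still issue a generated password by email.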

Business user

 

The initial password management (i.e. for creating a new user and for resetting their password) remains the same in the sense that the business user will still receive an email with the password specified. However, since version 3.5.0 this password is temporary (i.e. already expired), which forces the business user to change the password on first login to the admin application.

...