Password reset should be able to be done by individual users at will.

If tickets come in to reset their passwords, we can encourage them to do this on their own (Scenario A).


Scenario A:

If the user doesn't know their password, there is a place to do this on the login page 



This will send the user an email with a link to reset their password.



Once the user enters the new password and retypes it and clicks Change Password, they should be able to login with the new password. 

If the user used to log in with their Merit login and then reset their password, their Merit login will no longer work. They will have to use the User Name and Password bar on the login page instead of the DCYF bar.


Response to user should be:


Hi (requester name),

You can reset your password by clicking on the Reset Password tab on the login page.



If for some reason this does not work, I can reset your password for you. Please let me know if you would like me to manually reset your password.

Thanks,

(Your Name)




Scenario B:

If the user confirms that they want you to reset their password. If the request is coming from the email that the user is registered in CECI for, you can go ahead and in the Admin tab, search for the user, click Edit and Click Update Password for This User.


Enter the password as something generic like CECI2024* (note that it must have a capital letter, number and symbol and be at least 6 characters long) and repeat the password and click Update.


Respond to the requester:


Hi (requester first name),

I have updated your password. You can now login using the general login - not the DCYF login - with your user name and the password CECI2024*

Please let me know if you have further issues logging in.

Thanks,

(Your name)



Scenario C:

If someone is requesting a password reset for someone other than themselves, figure out who they are asking for and why. If it is a coach requesting for a director or provider and it is a known coach, go ahead and make the change and follow response similar to Scenario B except say that you updated the password for the user requested. 

If it is a director asking to update for a generic classroom email - verify that the classroom email is for that program and continue. (we are trying to eliminate generic classroom emails in the next year, so this should phase out eventually).


** If possible, have the user follow the steps themselves. This helps us ensure that they are in control of their account access.


Once you have determined that no further action is needed, change the ticket to RESOLVED and tag it with Password Reset