Changing a User Password

This section outlines the most common scenarios in which user passwords are changed. In the first scenario, the user forgets their password and they need a system administrator to change it. In the second scenario, a user may want to change their own user password.

Additionally, if the user forgets their password the Forgot Password functionality allows password reset via an email generated from Web UI. For more information, refer to the Accessing a Web UI topic of the Web User Interfaces documentation here.

Prerequisites

Users must be privileged to change passwords via the 'Maintain user password' privilege action. For more information, refer to the Setup Actions and Error Descriptions topic of the System Setup documentation here.

Changing a User Password - System Administrator

To change a user password as a system administrator:

  1. From System Setup, under Users & Groups, select the user requiring the password change.

  2. Select Change User Password in the under the Description section of the user information.

  3. Enter and retype the new password and click Save.

On a standard STEP system, passwords may contain up to 24 characters. Special characters, like asterisks (*) and percentages (%), are not allowed. Passwords are case sensitive. Only an administrative-level user should have the permissions to reset a user’s password from the Users & Groups node. Options for users to change their own passwords are outlined below. For security reasons, the password is stored in the system as encrypted so that even an administrator cannot view it.

Note: On the Users & Groups root node, you can define a password security policy to be used. Information about setting security policies can be found in the Security Policy section of Users and Groups here.

Changing a User Password - User

A user may change their own password from the workbench or the Web UI depending upon where the user is working.

From the workbench

From the File menu, select Change Password and a Change Current User Password dialog box will display. Type in the old password and then the new password twice. Click Save, and the new password will take effect at the next system sign-on.

Important: If the user is set as 'Externally Maintained' they are not able to change their password. For more information, refer to the Working with Users topic in the Users and Groups section of the System Setup documentation here.

From the Web UI

Users can change their own password when logged into the Web UI via the User Details screen, as defined in the User Details Screen topic (here) in the Web User Interfaces documentation.

To enable users to have the ability to change their passwords on the Web UI, the 'Force Authentication via STEP' setting must be checked for the specific user. This setting is in workbench on the System Setup tab under the user node. If this setting is unchecked, the 'Old password,' 'New password,' and 'Repeat new password' fields do not display, and the user will be unable to change their passwords in the Web UI.

Access to a User Details screen can be configured in different ways. For example, if a User Widget linked to a 'User Details' screen has been configured on the Homepage, then a user can click on the 'User Details' link (as shown in the screenshot below) to access the change password functionality. For more information, refer to the User Widget topic (here) in the Web User Interfaces documentation.

If correctly configured, users the 'User Details' screen displays.

On the 'User Details' screen, users can take the following steps to change their password:

  1. In the 'Old password' field, enter the current password for the user.

  2. In the 'New password' field, enter the desired new password for the user.

  3. In the 'Repeat new password' field, enter the same password you entered in the 'New Password' field.

  4. Click 'Save' at the bottom of the screen. Your password has successfully been saved.

The new password grants you access to Web UIs to which your user group has access, as well as the workbench.

If additional password security has been configured for passwords on your system, specifically 'Password Strength Validation,' any new passwords must conform to those standards. For more information on establishing robust password security protocols, refer to the Security Policy topic in the System Setup documentation here.