Changing a User Password

This section outlines the most common scenarios in which user passwords are changed. In the first scenario, a user forgets their password and needs a system administrator to change it. In the second scenario, a user wants to change their own password.

Additionally, if a user forgets their password, the Forgot Password functionality allows a password reset via an email generated from the Web UI. For more information, refer to the Accessing a Web UI topic of the Web User Interfaces documentation.

Important: Passwords for the 'stepsys' and 'DBA' user accounts on production and preproduction environments are required to use a specific, fixed, strict password policy that is independent of the Security Policy. The password for these two accounts:

  • must be at least 16 characters and meet three (3) of the following four (4) criteria: contain at least one lowercase character, contain at least one uppercase character, contain at least one digit, contain at least one special character.

  • does not expire.

  • is reusable after 24 hours.

The two accounts are locked out for 15 minutes after three (3) failed login attempts.
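
The following Python example is added here and is not part of the STEP product or its documentation: it checks a candidate password for the 'stepsys' or 'DBA' account against the length and three-of-four rule above before it is set, and generates a compliant one from a CSPRNG. It assumes that 'special character' means ASCII punctuation and that the 24-character limit for standard STEP systems stated later on this page also applies to these accounts; the function names are illustrative.

```python
import secrets
import string

MIN_LEN = 16           # from the page: at least 16 characters
MAX_LEN = 24           # assumption: the standard 24-character limit applies here too
REQUIRED_CLASSES = 3   # from the page: three of the four criteria
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,  # assumption: the page does not define "special"
}

def character_classes(password):
    """Return the names of the criteria that the password satisfies."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def policy_violations(password):
    """Return the reasons a candidate fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    found = character_classes(password)
    if len(found) < REQUIRED_CLASSES:
        problems.append(f"meets only {len(found)} of 4 criteria")
    return problems

def generate_password(length=MAX_LEN):
    """Draw candidates from the OS CSPRNG until one satisfies the policy."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for sample in ("Summer2024!", "alllowercaseletters", "Abcdefghijklmnop1"):
        print(repr(sample), policy_violations(sample) or "OK")
    print("generated:", generate_password())
```

Because the password for these accounts does not expire, generating it at the maximum accepted length rather than the 16-character minimum costs nothing operationally.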

Prerequisites

Users must be privileged to change passwords via the 'Maintain user password' privilege action. For more information, refer to the Setup Actions and Error Descriptions topic.

Changing a User Password - System Administrator

On a standard STEP system, passwords may contain up to 24 characters. Passwords are case sensitive. Only an administrative-level user should have the permissions to reset a user's password from the Users & Groups node. For security reasons, the password is stored in the system in encrypted form so that even an administrator cannot view it. Options for users to change their own passwords are outlined in the following section.

To change a user password as a system administrator:

  1. On the System Setup tab, under Users & Groups, select the user requiring the password change.

  2. Select Change User Password under the Description section of the user information.

  3. Enter and retype the new password and click Save.

Note: On the Users & Groups root node, you can define the password security policy to be used. For information about setting security policies, refer to the Security Policy topic.

Changing a User Password - User

A user may change their own password from the workbench or the Web UI, depending on where the user is working.

Important: A user who is set as 'Externally Maintained' cannot change their password. For more information, refer to the Working with Users topic.

From the workbench

  1. From the File menu, select Change Password.

  2. On the Change Current User Password dialog, type the old password and then the new password twice.

  3. Click Save. The new password takes effect at the next system sign-on.

From the Web UI

Users can change their own password when logged into the Web UI via the User Details screen, as defined in the User Details Screen topic in the Web User Interfaces documentation.

For users to be able to change their own password in the Web UI:

  1. In the workbench, on the System Setup tab, edit the user and check the 'Force Authentication via STEP' parameter.

    If the 'Force Authentication via STEP' parameter is unchecked, the 'Old password,' 'New password,' and 'Repeat new password' fields do not display, and the user cannot change their password in the Web UI.

  2. Configure access to a User Details screen.

    For example, configure a User Widget on the Homepage linked to a 'User Details' screen. A user can click on the 'User Details' link (as shown in the screenshot below) to access the change password functionality. For more information, refer to the User Widget topic in the Web User Interfaces documentation.

    If correctly configured, the 'User Details' screen displays.

Users can change their password by accessing the 'User Details' screen (shown above):

  1. In the 'Old password' field, enter the current password for the user.

  2. In the 'New password' field, enter the desired new password for the user.

  3. In the 'Repeat new password' field, enter the same password you entered in the 'New password' field.

  4. Click Save at the bottom of the screen to change your password. The new password grants you access to Web UIs to which your user group has access, as well as the workbench.

Note: If additional password security has been configured on your system, specifically 'Password Strength Validation,' any new password must conform to those standards. For more information on establishing robust password security protocols, refer to the Security Policy topic.