Admin console - password resets


(Brian Hinshaw) #1

User has requested password reset email, received it but then won’t take his desired password, the requirements for the password needs to be shown to the user

If they do this a number of times, it locks the account and there’s no way I found in the console to unlock their account

If user leaves company, they may have a bot that we need to access. Need a way through admin console to either set a temporary password and have someone sign in as them or way to reassign ownership of their bot to another developer


(Yoga Ramya Mendu) #2

Hi @bh2195,

Please find our responses below:

Query 1: The requirements for the password needs to be shown to the user.
Ideally, while creating the password, you can observe an icon “i”, on hovering on it, we would be showing the password requirements.
Similarly, this should be shown while resetting the password also.
We have communicated this to our engineering team. This will be addressed as per the feasibility.

Query 2: there’s no way I found in the console to unlock their account
Once the account is locked for 15mins, you as an admin can observe an unlock option in the user settings.

However, if the password error has been observed for more than 6 or 9 times(Approximately), the account gets completely blocked. Even the admin will not have any provision to unblock the account.

Query 3: You can assign bot to another user with a developer role as of now.

  • Click on the user details.
  • Navigate to Manage Bots tab.
  • Select the required bot and the role.

Thank you for your valuable inputs.

Regards,
Yoga Ramya.


(Brian Hinshaw) #3

Thanks for the update

The response to query 2 on unlocking the account is not an optimal situation. Why is there a 15 min delay for this to be observed in the admin console? It should be immediately presented so that the resource could be unlocked and returned to an active state. There should also be a mechanism for the admin to prevent the account from being completely blocked, or unblock it, or request a support ticket to Kore for assistance in reverting the situation. Simply blocking the account with no alternative action is not acceptable.

Are these conditions overridden when Kore is integrating with SSO services in our environment?

Thanks


(Yoga Ramya Mendu) #4

Hi @bh2195,

We have discussed this with our engineering team. We apologize for the information provided in our first response.

Ideally, there are two types of locks.

  1. Soft/Temporary lock : This will happen when the user types the password wrong for 3 times continuously. Here, the account will be locked for 15mins, then the user can enter the password again.

  2. Hard lock : This will happen when the above temporary lock repeats for 6 or 9 times continuously. User account will be locked permanently.

We have checked with the concerned team and confirm you that in both the cases, the admin will have the “unlock” option for the respective user.

Please refer the attached screenshot:

image%20(3)

Let us know if you need any further clarification on the above.

When Kore is integrating with SSO services in your environment, these conditions are overridden.

Regards,
Yoga Ramya.