The Reset Password facility enables you to allow your users to set and reset their own passwords, so that library staff do not need to set the users’ passwords initially, and so that your users don’t have to divulge their password to library staff in order to log into Folio and use the end user services such as reservations and renewals.
The Reset Password facility can be configured in one of two ways:
The second option is described here. The first option is a much more secure option. To do this see Set /Reset with Temporary Password
Depending on the settings below, users can create their own password in the following circumstances:
For example:
User clicks the Set/Reset/Forgotten Password link:
Folio responds:
Please enter your user barcode and click 'Continue' to proceed.
On entering their barcode, Folio responds:
Please provide the requested information to confirm your identity, and click 'Continue' to receive a temporary password
The user enters e.g. their email address as requested and Folio responds:
Please enter a new password, twice, and click on the save link to use this for future logins.
The user enters a password and password confirmation. They can then continue to use Folio as normal.
You can set up various configuration options to allow users without passwords to click the Set/Reset/Forgotten Password link and to answer security questions. They can then reset their own password or create their own password for the first time.
First configure the login option and login form if you have not already done so.
To make the Login option display at the top of the Folio screen, you need to check this setting is enabled, or enable it
field | Value |
---|---|
Ini File / Config Block | g_menu |
Value | "Y" (encase in double quotes) |
Include | Yes |
To specify the name of the Login option
If the setting does not exist, click New Record to create it.
field | value |
---|---|
Ini File / Config Block | login |
Setting | page_title_login |
Value | "Login" (encase in double quotes) |
Include | Yes |
The following settings are required to configure the login form correctly. Note these are WebView settings
Setting | Purpose | Fields | Values |
---|---|---|---|
password_required |
Note: Users without passwords in their User record will then no longer be able to log in. The Login form will show a mandatory password field (*) as soon as the user clicks the Login option. |
Ini File / Config Block | login |
Setting | password_required | ||
Value | "You must enter a password to log in. If you have not yet set your password, ask a member of library staff for the temporary password, then click the Set/Modify Password link to set your own password" | ||
Include? | Yes | ||
password_reset_link | Define the text of the Set/Modify Password link | Ini File / Config Block | login |
Setting | password_reset_link | ||
Value | "Set/Reset Password?" or "Forgotten Password?" | ||
Include? | Yes | ||
password_reset_allowed |
Configure the Login form to display the Set/Modify Password link |
Ini File / Config Block | login |
Value | true | ||
Include? | Yes |
Changes take effect in Folio immediately.
This is how you set the system to prompt the user for some information to validate themselves.
Field | Description |
---|---|
Min. Validity (mins) | Minimum time allowed between password resets |
Max Validity (hours) | Temporary password validity (before it gets ignored) |
Temporary password complexity | Letters only, numbers only, both, anything printable |
Length | Temporary password length |
Potential validation fields |
List of user fields to validate the password reset request. One or more from the following ending in semi-colon: email;postcode;phone;note1 [up to note10];copy;balance; (Email · postcode (for any address) · last 4 digits of phone number (home, office or mobile) · borrowers.note1-10 (labelled as security questions on account details) · barcode of an item currently on loan · outstanding balance) Optional : you can also include any column name from the BORROWERS table by adding “_” (underscore) to the column name. For example fname_ for the user’s forename. In addition, a more user-friendly label is preferably created for this in g_forgotten_password (fname_label setting) such as “Forename”. See Label settings below. A system secret string (see below*) can be entered instead of or as well as other validation fields. To use this, enter the text secret; ...followed by semi colon. |
No. Fields to request | Enter the number of user fields to request that should be validated, e.g. 2 |
No. Fields to validate | Enter the number of user fields to actually require correct validation (at least 1) |
Password Reminder Field | Optional configuration of a field (e.g. one of the note fields) for the user to store a password reminder comment. If this field is populated, display it as a hint for the password field on the login form. Do not allow the password reminder and the password to have the same value. |
System Secret String* | A general password that you regularly update, e.g. weekly. This will be the string required if you include secret as a potential validation field. |
Preferred Notice, Alternative Notice To User | Select a preferred alert notice to use and an alternative (if the user does not have suitable contact information for the preferred notice) |
Notice to Library | Select the notice that will be used if the user does not have suitable contact information for either notice. |
For example, entering email will prompt them to enter one of the two email addresses that have been added to the Email field in their user record (which will be separated by a semi-colon with no spaces, e.g. john.smith@myorg.com;john.smith123@yahoogoogle.com)
Once you have configured which field or fields to present to the user, enter the number of fields to present to the user in No. Fields To Request. Enter the number of fields to actually validate in No. Fields To Validate. For example, you could configure it to present three fields but only ask for any one of those fields to be completed, by entering 3 in No. Fields To Request and 1 in No. Fields To Validate.
If you have included secret in the Potential Validation Fields, enter the temporary password in System Secret String. (The System Secret String should be changed as frequently as is deemed necessary, e.g. at the start of each week.)
If you have included email in the Potential Validation Fields, you must also include a mailid option in the usdetails array. Without this setting, the Email field will not be displayed on the validation screen that is displayed when the user uses the Set/Reset Password facility. (Using Folio Configuration Settings by Setting search for usdetails to display the list; set Include=Y).
For each field that you have included in the Potential Validation Fields field in OPAC Defaults, you will need an xxxxx_label setting in g_forgotten_password, where xxxxx is the field mnemonic, e.g. email_label.
Before creating a new setting, search for the xxxxx_label setting in the Folio Configuration Settings by Setting search to confirm that it hasn’t already been added. If there is no setting with that name, create a new one, e.g.
Field | Value | Description |
---|---|---|
Interface | 1 | |
Ini File / Config Block | g_forgotten_password. | |
Setting | email_label | |
Value | "Enter your student email address" | Enter the field label / prompt that you prefer |
Value2 | "hidden" | If you want the users’ input to be obfuscated whilst they are entering it, set Value 2 to “hidden”. If Value 2 is not set to “hidden”, the users’ input will be displayed in plain text. |
Sequence 1 | 4565 | Enter a random high number |
Sequence 2 | 0 | Enter zero |
Include | Yes |
Folio will now ask for the user's email, as follows:
Enter your student email address
If you want users to be able to change their password on the Account Details screen once they have successfully logged into Folio, you will also need to make these configuration changes.
"password E <view>Password</view><edit>New password:<br/>Confirm password:</edit>".
Note: the above example includes the HTML line break tag (<br/>) immediately preceding the Confirm password string. Do not remove it.
(The text between the <view>…</view> tag is displayed when the Password field is displayed in read-only mode. The text between the <edit>…</edit> tag is displayed when the Password field is displayed in modify mode, i.e. after the user has double-clicked Password).
More options are available in g_forgotten_password:
Setting | Config block | Value | Include? | Result when user clicks "Forgotten Password" / "Set/Reset Password" |
---|---|---|---|---|
first_password | g_forgotten_password | "ask user" | Y | When Folio is reloaded, if the User record has password = NULL, the Set/Reset/Forgotten Password link on the Login form will ask the user to create a new password. |
temp_password | g_forgotten_password | Y |
When Folio is reloaded, users will always be able to click the Set/Reset/Forgotten Password link even if he/she already has one, and will be given the option to create their own new password. If Include =N, Users can still be prompted to create their own password in certain circumstances, if one of the other settings below are configured. |
Setting ID | Setting | Config block | Include? | Text displayed to user | Description |
---|---|---|---|---|---|
605882 | passreset_page1_heading | g_forgotten_password | Y | Please enter your user number and click ‘Continue’ to proceed | Edit the text in double quotes in the Value field if you need to change the text displayed to the user |
605881 | passreset_page2_heading | Y | Enter the temporary password and click ‘Continue’ to set your own personal password | This should be changed so that it relates to the fields that you have configured the system to prompt for | |
605883 | enter_new_password | Y | Please enter a new password and click on the Save link to use this for future logins | Edit the text in double quotes in the Value field if you need to change the text displayed to the user |
If any user records could be missing contact details, these settings allow the user to create a password directly in Folio:
Setting | Config block | Value | Include? | Missing details | Result when user clicks Set/Reset/Forgotten Password |
---|---|---|---|---|---|
no_email_option | g_forgotten_password | "ask user" | Y |
Email might be your preferred way to communicate when the User clicks Set/Reset/Forgotten Password. If the User details do not include email address, this setting allows the user to create a new password directly in Folio. |
The User enters their barcode and other validation details when prompted. Normally OLIB would email / send sms with a new password, but because these user details are missing Folio asks the user to create a new password themselves: Please enter a new password, twice, and click on the Save link to use this for future logins i.e. User creates their own password in these circumstances even when temp_password is set to No. When the user specifies a new password, the Folio session will be logged in and he/she will be able to use Folio as normal. |
no_sms_option | "ask user" | Y |
SMS might be your preferred way to communicate when the User clicks Set/Reset/ Forgotten Password. If the User details do not include mobile number, this setting allows the user to create a new password directly in Folio.
|
||
ask_if_no_contact_info | true | Y | OLIB will allow the User to create their own password in Folio if the User details are missing both email address and mobile number. |
When Folio displays a message to the user, the text comes from various Folio settings. If preferred, you can change the text of these messages:
Setting | Config block | Value | Include? | Description |
---|---|---|---|---|
enter_new_password | g_forgotten_password | "Please enter a password twice and click on the Save link to use this for future logins." | Y | Set this to a message that will appear above the prompt to enter the new password. Encase in double quotes. |
password_refer_to_library | "You must contact the library in order to reset your password." | |||
password_unrecognised_barcode | "The user ID that you entered is not recognised. You must contact the library for them to assign you a valid user ID". | If the user enters an unrecognised barcode when prompted, Folio displays this message. If you want to change the message, create this setting in OLIB, with your preferred text contained in the Value field in double quotes. (Sequence 1=1, Sequence 2=0). |
This completes the configuration for set/reset password directly in Folio. A newly-registered user can now set his/her personal password in Folio as follows: