Company: Link Technologies
Case No: L08845. Project: 08.20: LinkSOFT Version 8.2
Logged By: Rashna (Edge Business Solutions) on 02 Oct 2017 04:58PM
Priority: Medium
Product: Payroll & HR
Group: Enhancement
Time Taken: 15.00 (Weight: 15.00)
Version: 8.290.0115
Assigned To: Sanjay (Link Technologies)
Circulation: Alvis, Development, Rashna, Sanjay, Sanjeet
Resolve By: Tuesday, 03 October 2017 12:00 AM
Status: Closed
Subject: Enforce password change for employees created through "ESS_AutoProfile_flag"
Summary:    

Hi Team, 

ESS has a configuration "ESS_AutoProfile_flag". When the configuration is enabled, employees created in Payroll are automatically created in ESS.

These employees can then log into ESS with the system generated password - Welcome123.

Given the instructions, many users do not change their password after the first log in.

Improvement - Enforce new employees created through the flag to change password at first login. This will solve the issue where employees can access other ESS accounts with the default password.

Test Plan

Test No | Description | Status
1 | Employee created from the flag should be prompted to change password at first login |
2 | Users should be able to change password without errors |
3 | Users should be able to successfully login with the new passwords. |



Audit Notes:
06 Oct 2017 10:36AM Comment 1 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 06-10-2017 10:36 AM

Approved design:

  1. When creating a user assign a complex unknown password.
  2. Users will have to recover the password to login into the system.
  3. Change the new user alert to give instructions on first login password recovery.
  4. Remove generic question/answer when creating user, leave this blank
  5. Move the user creation function from processes to an API so we can generate the salt and password uniquely.
  6. When the user logs in with system generated password, force a password change.
  7. Add a force password flag to LT_SYS_User
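
The approved design above, sketched as an added example (not LinkSOFT code, and not written by anyone on this case). The in-memory `users` dict, the function names and the PBKDF2 hashing are assumptions; only the flag name `ForcePasswordChange` is taken from the case.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; the case does not say how LinkSOFT hashes


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _set_password(user: dict, password: str, force_change: bool) -> None:
    user["salt"] = secrets.token_bytes(16)  # fresh salt per user and per change
    user["hash"] = _hash(password, user["salt"])
    user["ForcePasswordChange"] = force_change


def create_auto_profile(users: dict, code: str, email: str) -> None:
    """Design items 1, 4, 5, 7: unknown random password, blank Q&A, flag set."""
    user = {"email": email, "question": None, "answer": None}
    _set_password(user, secrets.token_urlsafe(32), True)  # value is never stored or shown
    users[code] = user


def recover_password(users: dict, code: str, email: str):
    """Design item 2: employee code plus registered email yields a system password."""
    user = users.get(code)
    if user is None or not hmac.compare_digest(
        user["email"].lower().encode(), email.lower().encode()
    ):
        return None
    temp = secrets.token_urlsafe(12)  # a real system would email this, not return it
    _set_password(user, temp, True)
    return temp


def login(users: dict, code: str, password: str) -> str:
    """Design item 6: a valid login with the flag set lands on the change page."""
    user = users.get(code)
    if user is None or not hmac.compare_digest(
        user["hash"], _hash(password, user["salt"])
    ):
        return "denied"
    return "change_password" if user["ForcePasswordChange"] else "profile"


def change_password(users: dict, code: str, old: str, new: str) -> bool:
    if new == old or login(users, code, old) == "denied":
        return False
    _set_password(users[code], new, False)  # clears the flag once a new password is set
    return True
```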

06 Oct 2017 10:36AM Comment 2 by Alvis (Link Technologies) Case 8845 added to project 8.19
20 Oct 2017 08:28AM Comment 3 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 20-10-2017 08:28 AM Time Taken: 2.00

Hi Sanjay,

We have added a flag "ForcePasswordChange" to table LT_SYS_User.

All user procedures have been changed.

When creating employee profile we set this flag to TRUE.

Next Step:

  1. Add "ForcePasswordChange" to user maintenance form
  2. If the flag is TRUE, user must change password.

23 Oct 2017 09:48AM Comment 4 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 23-10-2017 09:48 AM Time Taken: 4.00

User maintenance has been changed to include "ForcePasswordChange" flag.

When this flag is ticked, the user is redirected to change password screen on login.


16 Nov 2017 10:24AM Comment 5 by Sanjeet (Link Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 16-11-2017 10:24 AM Time Taken: 1.00

QA1 Beta 1 LINKSOFT.

Steps 

1. Create New Employee in Payroll

2. ESS Login is auto created.

3. Recover password 

Item 4 of approved design (Comment 1) has not been done. It still asks Question & Answer.


    17 Nov 2017 12:02PM Comment 6 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 17-11-2017 12:02 PM Time Taken: 2.00
    Removed question and answer from auto ess profile create process.

    18 Nov 2017 09:00AM Comment 7 by Sanjeet (Link Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 18-11-2017 09:00 AM Time Taken: 1.00

    QA2 BETA2 LINKSOFT.

    User is able to browse menus without changing password. "Force Password Change" must force user to change password before accessing any other menu.

    Instead of this page below Figure 1 it should open page as in figure 2.

    Figure 1:



    Figure 2




      19 Nov 2017 11:16AM Comment 8 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 19-11-2017 11:16 AM Time Taken: 1.00 Reference: BETA2

      Hi Sanjeet, the design is to take the user to the "change Password" page upon login. 

      We do not block the user from navigating to another page. This is done as we want the system to facilitate the process which it does in this case.

      Please test this case based on Test items 1,2 and 3 in the case header.

      Thanks

      Regards
      Sanjay


      20 Nov 2017 08:35AM Comment 9 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-11-2017 08:35 AM Time Taken: 2.00
      QA for product and Patch Releases
      Step 1 - Developer to system test changes until no issues are found - Alvis and Sanjay to sign off on System Test
      Step 2 - Product expert allocated by Consulting Manager for Product QA.
                     Consulting Manager to allocate resource
                     Consulting Manager to sign off on UAT and Generic Test

      STEP 1 - DETAILS OF QA can be entered in case comments. Summary to be maintained in the table below.

      Tested case in QA1 with database LINKSOFT. Version 819.Beta 2

      Table 1 - Summarised list of issues
      No | Issue Description | Resolved?
      1 | When creating a user assign a complex unknown password. | Pass - Password in DB is Y+cbOlJpREV30Kr7As4ZZa6Izc0=
      2 | Change the new user alert to give instructions on first login password recovery. | Failed - No alert is fired when employee is created from "ESS_AutoProfile_flag" config. Employee does not have the knowledge that he or she has to recover password.
      3 | Remove generic question/answer when creating user, leave this blank | Pass - Security question and answer has been removed. Employees have to enter Code and registered email only.
      4 | Recovered password should be successfully emailed to the address | Pass
      5 | Users should be able to login with the recovered password | Pass
      6 | If "Force PasswordChange" is enabled the change password page should open as per comment 8 | Pass
      7 | If "Force PasswordChange" is disabled the employee profile page should open | Pass
       

      WORKFLOW:

      1. Original case assigned to Development
      2. When the product is ready for release, System test details are entered into comments and the CASE HEADER Table updated.
      3. If system test passes, assign case to Consulting Manager for UAT
      4. If UAT Passes, Assign case for Documentation or close case

        20 Nov 2017 01:08PM Comment 10 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 20-11-2017 01:08 PM Time Taken: 1.00

        The alert mechanism was not part of the process that created users in ESS from the payroll system. To create an alert we will need to move the "Create new user" in web process to the web scheduled process job.

        Since this is a big change, we will need to do this outside the beta process.

        Please proceed with documentation since all other items have passed.

        Important note:

        1. Test plan must be on the case header
        2. If the design changes, the case header should be updated with the approved design.

        regards
        Sanjay/Alvis


        20 Nov 2017 01:08PM Comment 11 by Alvis (Link Technologies) Created new case 8918
        20 Nov 2017 02:06PM Comment 12 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-11-2017 02:06 PM Time Taken: 1.00

        Documentation updated on the case.

        Documentation updated under ESS - Technical Reference -- Automatic ESS Profile


        20 Nov 2017 02:07PM Comment 13 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-11-2017 02:07 PM
        This case is now closed

        09 Oct 2019 08:14AM Comment 14 by Sanjay (Link Technologies) Quality control status: Pass. QC Not required - This case was created before quality check was implemented in version 11 on 30/06/2019