Subject: | Enforce password change for employees created through "ESS_AutoProfile_flag" |
Summary: | Hi Team, ESS has a configuration "ESS_AutoProfile_flag". When the configuration is enabled, employees created in Payroll are automatically created in ESS. These employees can then log into ESS with the system generated password - Welcome123. Given the instructions, many users do not change their password after the first login.

Improvement - Enforce new employees created through the flag to change password at first login. This will solve the issue where employees can access other ESS accounts with the default password.

Test Plan

| Test No | Description | Status |
| 1 | Employee created from the flag should be prompted to change password at first login | |
| 2 | Users should be able to change password without errors | |
| 3 | Users should be able to successfully log in with the new passwords. | |
|
|
Audit Notes: | |
06 Oct 2017 | 10:36AM Comment 1 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 06-10-2017 10:36 AM |
| Approved design:
- When creating a user assign a complex unknown password.
- Users will have to recover the password to login into the system.
- Change the new user alert to give instructions on first login password recovery.
- Remove generic question/answer when creating user, leave this blank
- Move the user creation function from processes to an API so we can generate the salt and password uniquely.
- When the user logs in with system generated password, force a password change.
- Add a force password flag to LT_SYS_User
|
|
06 Oct 2017 | 10:36AM Comment 2 by Alvis (Link Technologies) Case 8845 added to project 8.19 |
20 Oct 2017 | 08:28AM Comment 3 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 20-10-2017 08:28 AM Time Taken: 2.00 |
| Hi Sanjay, We have added a flag "ForcePasswordChange" to table LT_SYS_User. All user procedures have been changed. When creating employee profile we set this flag to TRUE.
Next Step:
- Add "ForcePasswordChange" to user maintenance form
- If the flag is TRUE, user must change password.
|
|
23 Oct 2017 | 09:48AM Comment 4 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 23-10-2017 09:48 AM Time Taken: 4.00 |
| User maintenance has been changed to include "ForcePasswordChange" flag. When this flag is ticked, the user is redirected to change password screen on login. |
|
16 Nov 2017 | 10:24AM Comment 5 by Sanjeet (Link Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 16-11-2017 10:24 AM Time Taken: 1.00 |
| QA1 Beta 1 LINKSOFT.
Steps
1. Create New Employee in Payroll
2. ESS Login is auto created.
3. Recover password
Item 4 of approved design (Comment 1) has not been done. It still asks Question & Answer.
|
|
17 Nov 2017 | 12:02PM Comment 6 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 17-11-2017 12:02 PM Time Taken: 2.00 |
| Removed question and answer from auto ess profile create process. |
|
18 Nov 2017 | 09:00AM Comment 7 by Sanjeet (Link Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 18-11-2017 09:00 AM Time Taken: 1.00 |
| QA2 BETA2 LINKSOFT. User is able to browse menus without changing password. "Force Password Change" must force user to change password before accessing any other menu. Instead of the page below (Figure 1), it should open the page as in Figure 2.
Figure 1: [image not available]
Figure 2: [image not available]
|
|
19 Nov 2017 | 11:16AM Comment 8 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 19-11-2017 11:16 AM Time Taken: 1.00 Reference: BETA2 |
| Hi Sanjeet, the design is to take the user to the "change Password" page upon login. We do not block the user from navigating to another page. This is done as we want the system to facilitate the process which it does in this case. Please test this case based on Test items 1,2 and 3 in the case header. Thanks Regards Sanjay |
|
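An added example, not Linksoft code, that puts the approved design from Comment 1 (unknown random password, unique salt, ForcePasswordChange flag, recovery by code and registered email) next to the per-request check asked for in Comment 7. The in-memory `USERS` store, the URL paths, the PBKDF2 parameters and every function name are assumptions made for illustration; only the flag name comes from the case.

```python
import hashlib
import hmac
import os
import secrets

USERS = {}  # stand-in for LT_SYS_User; only "ForcePasswordChange" is a name from the case
ALLOWED_WHILE_FORCED = {"/change-password", "/logout"}  # hypothetical paths

def _hash(password, salt):
    # Assumed hashing scheme for the example; the case does not state the real one.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _set_password(user, password, force):
    user["salt"] = os.urandom(16)              # fresh salt on every password write
    user["hash"] = _hash(password, user["salt"])
    user["ForcePasswordChange"] = force

def create_auto_profile(code, email):
    """Auto-create the ESS user with a password nobody knows and the flag set."""
    user = {"email": email, "question": None, "answer": None}
    _set_password(user, secrets.token_urlsafe(24), force=True)  # never shown or stored
    USERS[code] = user

def recover_password(code, email):
    """Recovery by employee code + registered email; the result would be emailed."""
    user = USERS.get(code)
    if user is None or not hmac.compare_digest(user["email"].encode(), email.encode()):
        return None
    temp = secrets.token_urlsafe(12)
    _set_password(user, temp, force=True)      # recovered password is still temporary
    return temp

def login(code, password):
    user = USERS.get(code)
    return user is not None and hmac.compare_digest(
        user["hash"], _hash(password, user["salt"]))

def authorize(code, path):
    """Checked on every request, not only at login."""
    if USERS[code]["ForcePasswordChange"] and path not in ALLOWED_WHILE_FORCED:
        return "redirect:/change-password"
    return "ok"

def change_password(code, new_password):
    _set_password(USERS[code], new_password, force=False)
```

With the check in `authorize` rather than only in the login handler, a session that navigates away from the change-password page is sent back to it until the flag is cleared.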
20 Nov 2017 | 08:35AM Comment 9 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-11-2017 08:35 AM Time Taken: 2.00 |
| QA for product and Patch Releases
Step 1 - Developer to system test changes until no issues are found - Alvis and Sanjay to sign off on System Test
Step 2 - Product expert allocated by Consulting Manager for Product QA. Consulting Manager to allocate resource. Consulting Manager to sign off on UAT and Generic Test
STEP 1 - DETAILS OF QA can be entered in case comments. Summary to be maintained in the table below.
Tested case in QA1 with database LINKSOFT. Version 819.Beta 2
Table 1 - Summarised list of issues
| No | Issue Description | Resolved? |
| 1 | When creating a user assign a complex unknown password. | Pass - Password in DB is Y+cbOlJpREV30Kr7As4ZZa6Izc0= |
| 2 | Change the new user alert to give instructions on first login password recovery. | Failed - No alert is fired when employee is created from "ESS_AutoProfile_flag" config. Employee does not have the knowledge that he or she has to recover password. |
| 3 | Remove generic question/answer when creating user, leave this blank | Pass - Security question and answer has been removed. Employees have to enter Code and registered email only. |
| 4 | Recovered password should be successfully emailed to the address | Pass |
| 5 | Users should be able to login with the recovered password | Pass |
| 6 | If "Force PasswordChange" is enabled the change password page should open as per comment 8 | Pass |
| 7 | If "Force PasswordChange" is disabled the employee profile page should open | Pass |
WORKFLOW:
- Original case assigned to Development
- When the product is ready for release, System test details are entered into comments and the CASE HEADER Table updated.
- If system test passes, assign case to Consulting Manager for UAT
- If UAT Passes, Assign case for Documentation or close case
|
|
20 Nov 2017 | 01:08PM Comment 10 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 20-11-2017 01:08 PM Time Taken: 1.00 |
| The alert mechanism was not part of the process that created users in ESS from the payroll system. To create an alert we will need to move the "Create new user" in web process to the web scheduled process job. Since this is a big change, we will need to do this outside the beta process. Please proceed with documentation since all other items have passed.
Important note:
- Test plan must be on the case header
- If the design changes, the case header should be updated with the approved design.
Regards, Sanjay/Alvis |
|
20 Nov 2017 | 01:08PM Comment 11 by Alvis (Link Technologies) Created new case 8918 |
20 Nov 2017 | 02:06PM Comment 12 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-11-2017 02:06 PM Time Taken: 1.00 |
| Documentation updated on the case. Documentation updated under ESS - Technical Reference -- Automatic ESS Profile |
|
20 Nov 2017 | 02:07PM Comment 13 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-11-2017 02:07 PM |
| This case is now closed |
|
09 Oct 2019 | 08:14AM Comment 14 by Sanjay (Link Technologies) Quality control status: Pass. QC Not required - This case was created before quality check was implemented in version 11 on 30/06/2019 |