Validation


For a user to have their password approved, the user must follow our guidelines regarding the validation of their password.

  • A password must contain between 8-16 characters. 
  • The password must contain both small and large letters (both uppercase and lower case should be present). 
  • The password must contain minimum one number
  • The password must not have been used previously (3x). 

 

Expiry (standards, warnings) 


Standard password expiry and timing settings within our password handling system.

Notice: before deactivating a normal user, we analyze the user activity. Active accounts will delay the deactivation progress and deletion is cancelled.

Inactivity: When a user has not logged into our system for 1 year (default)

 

User creation

 

 

 

Create new user, sends email to the user with activation link that expires after 

14 days

Configurable 

If the user ignores the activation, the activation disables, and the user is deleted after

30 days 

Configurable

 

Expiry

 

 

 

Standard password expiry time 

Never (if active)

Configurable

User gets first request for changing password after

1 year of inactivity

Configurable

User gets second request for changing password after/on

+10 days

Configurable

User gets third request for changing password after/on

+20 days

Configurable

User gets fourth request for changing password after/on – email: account will be deactivated in 10 days.

+30 days

Configurable

Users that has system admin and still haven’t changed their password will not be deactivated or deleted, these users will get another password change request e-mail

+40 days + every 10 days

Configurable

Users that is not system admin and still haven’t changed their password will deactivated – email sent.

+40 days 

 

If user has been active but not changed password in the above period (1 years) then user will not be deactivated this period has run out

1 year + 6 months (no further emails will be sent in this period)

Configurable

User account will be deleted after

Never

Configurable

User inactive period before getting deleted. 

14 days

Configurable

Check user’s expiry time execution, when do we check the user’s expiry time

8 (Hours)

Configurable 

Within how many days a user has to be logged in to have active status

30 days

Configurable

 

Warnings


System administrator, Breecesupport and user-administrator roles won’t be deactivated or deleted. 
 If the user has such a role, the user will continue to receive mail

warnings every 10 days until changed, or max warnings has been reached. This is until the user has changed their password (configurable). 

Notice:

That our service also checks the user account activity, if we register a lot of activity on the account, the account will not be deleted and the time between last warnings and deactivation period is extended. 

 

 

Actions


Create user


An administrator or user administrator role creates a new user.

When the user is created, our system automatic sends an e-mail to the new user containing a link for our ‘register and type password’-page (at this time, the account is not enabled). This e-mail is translated to our supported languages, based on the Language selected in the user creation procedure.  

From the time the mail is sent to the activation link expires - there will go 14 days (configurable). If the link has expired, the user has the option (within 30 days) to click “Send a new activation e-mail” this will give the user 30 days extra.

When password is validated, the user account is enabled, and it is now possible to log into Breece Cloud or Breece Cloud Enterprise.

Forgotten password


If password is forgotten, this is handled by the user going to our login screen. In the bottom (underneath the actual login form) the user can click on ‘Forgot my password’- button. 

Now a dialog/popup is opened, and the user has the option to type the registered e-mail used for login to cloud.  If this e-mail is validated within our system. The user will receive a new activation e-mail. 

Change password


If user wants to change password, the user must go to their profile page and type new password 2x. 

Admin force password reset


Breece cloud admins which has access to edit user accounts, has the option to force a password reset on a user profile. The disables the user and the user receives a password creation e-mail. Following same procedure as a normal user creation.s 

Delete user


If the user wants to delete his account, the user must go to their profile and click Delete account request. The user then gets prompted with message “You received an e-mail, with confirming link/button”. The user now has the option to confirm deletion by clicking the link/button the user in the e-mail. Our support departments now receive a ticket to delete the user.