Validation
For a user to have their password approved, the user must follow our guidelines regarding the validation of their password.
- Your password must be between 12 and 100 characters in length.
- Your password must contain at least one uppercase letter (e.g. ABC)
- Your password must contain at least one lowercase letter (e.g. abc)
- Your password must contain at least one digit (e.g. 123).
You are also allowed to use special characters to further increase the strength of your password.
Expiry (standards, warnings)
Standard password expiry and timing settings within our password handling system.
Notice: before deactivating a normal user, we analyze the user activity. Active accounts will delay the deactivation progress and deletion is cancelled.
Inactivity: When a user has not logged into our system for 1 year (default)
User creation
|
|
|
Create new user, sends email to the user with activation link that expires after | 14 days | Configurable |
If the user ignores the activation, the activation disables, and the user is deleted after | 30 days | Configurable |
Expiry
|
|
|
Standard password expiry time | Never (if active) | Configurable |
User gets first request for changing password after | 1 year of inactivity | Configurable |
User gets second request for changing password after/on | +10 days | Configurable |
User gets third request for changing password after/on | +20 days | Configurable |
User gets fourth request for changing password after/on – email: account will be deactivated in 10 days. | +30 days | Configurable |
Users that has system admin and still haven’t changed their password will not be deactivated or deleted, these users will get another password change request e-mail | +40 days + every 10 days | Configurable |
Users that is not system admin and still haven’t changed their password will deactivated – email sent. | +40 days |
|
If user has been active but not changed password in the above period (1 years) then user will not be deactivated this period has run out | 1 year + 6 months (no further emails will be sent in this period) | Configurable |
User account will be deleted after | Never | Configurable |
User inactive period before getting deleted. | 14 days | Configurable |
Check user’s expiry time execution, when do we check the user’s expiry time | 8 (Hours) | Configurable |
Within how many days a user has to be logged in to have active status | 30 days | Configurable |
Warnings
System administrator, Breecesupport and user-administrator roles won’t be deactivated or deleted.
If the user has such a role, the user will continue to receive mail
warnings every 10 days until changed, or max warnings has been reached. This is until the user has changed their password (configurable).
Notice:
That our service also checks the user account activity, if we register a lot of activity on the account, the account will not be deleted and the time between last warnings and deactivation period is extended.
Actions
Create user
An administrator or user administrator role creates a new user.
When the user is created, our system automatic sends an e-mail to the new user containing a link for our ‘register and type password’-page (at this time, the account is not enabled). This e-mail is translated to our supported languages, based on the Language selected in the user creation procedure.
From the time the mail is sent to the activation link expires - there will go 14 days (configurable). If the link has expired, the user has the option (within 30 days) to click “Send a new activation e-mail” this will give the user 30 days extra.
When password is validated, the user account is enabled, and it is now possible to log into Breece Cloud or Breece Cloud Enterprise.
Forgotten password
If password is forgotten, this is handled by the user going to our login screen. In the bottom (underneath the actual login form) the user can click on ‘Forgot my password’- button.
Now a dialog/popup is opened, and the user has the option to type the registered e-mail used for login to cloud. If this e-mail is validated within our system. The user will receive a new activation e-mail.
Change password
If user wants to change password, the user must go to their profile page and type new password 2x.
Delete user
If the user wants to delete his account, the user must go to their profile and click Delete account request. The user then gets prompted with message “You received an e-mail, with confirming link/button”. The user now has the option to confirm deletion by clicking the link/button the user in the e-mail. Our support departments now receive a ticket to delete the user.