[UXPROD-39] Local password management - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: P2
Resolution: Done
Affects Version/s: None
Fix Version/s: Q4 2018
Component/s: None
Labels:
- usermanagement

Template:
customfield_11200 15089
Epic Link:
Users App
Analysis Estimate:
Medium < 5 days
Front End Estimate:
XL < 15 days
Back End Estimate:
Large < 10 days
Estimation Notes and Assumptions:
KG: 5/30/2018 Updated what feature covers. Probably need to re-estimate Frontend and Backend.
Development Team:
Vega
Calculated Total Rank:
Rank: BNCF (MVP Feb 2020):
R1
Rank: Chalmers (Impl Aut 2019):
R1
Rank: Chicago (MVP Sum 2020):
R5
Rank: Cornell (Full Sum 2021):
R4
Rank: 5Colleges (Full Jul 2021):
R2
Rank: GBV (MVP Sum 2020):
R1
Rank: Lehigh (MVP Summer 2020):
R1
Rank: MO State (MVP June 2020):
R1
Rank: TAMU (MVP Jan 2021):
R4
Rank: U of AL (MVP Oct 2020):
R1

Description

Feature requirement: Define and implement Folio local username/password management policies and workflows.

Assumption

Assumption from UM SIG has been that only FOLIO operators need passwords.

Feature covers the following

Valid Password requirements
Validate password against bad password list(s) / dictionary(ies)
Log/Audit password (failed)
Support locking out a user who failed to login after successive attempts
Password strength meter
Workflow: Create Password
Workflow: Reset Password
Workflow: Change Password
Workflow: Locate my username
Ensure a user with SSO enable cannot have a local username/password

Mockups

Kimie mockups: https://drive.google.com/drive/folders/0By8ccf5VV4EWNnppQkRGSHZuSjg

TestRail: Results

Attachments

Issue Links

relates to

MODLOGIN-30 Update Status Field to also control access to Folio with local username/password

Closed

MODLOGIN-33 Prevent Local Password Re-Use (at least the last 10 passwords)

Closed

MODLOGIN-35 Select a bad password list(s)

Closed

MODLOGIN-36 Security: Logging to support local password management (Technical design)

Closed

MODLOGIN-41 Backend - Security: Handling: Failed login attempts - Lock Account

Closed

MODLOGIN-42 Security: Counting Failed login attempts

Closed

MODLOGSAML-32 Update Status Field to also control access to Folio via SSO

Closed

MODPWD-51 Implement a bad password list(s)

Closed

MODTEMPENG-5 Reset a Password Email Template

Closed

MODTEMPENG-8 Create a password email template

Closed

STCOR-275 Folio Login: Forgot password page

Closed

STCOR-276 Folio Login: Forgot username page

Closed

UIMPROF-2 Create My profile landing page

Closed

UIMPROF-3 Create Change Password page

Closed

UIMPROF-13 Change Password: Prevent Local Password Re-Use (at least the last 10 passwords)

Closed

UIP-1 Figure out UX for settings vs. preferences

Closed

UIU-344 Can't Create a New User Unless You Specify a Password

Closed

UIU-508 Data Feed: Add a flag to indicate if the user record can have a local password

Draft

UIU-513 Update Status Field to also control access to Folio

Closed

UIU-514 All passwords stored must be encrypted (Change Password verification)

Closed

UIU-515 All passwords must be encrypted on transit

Closed

UIU-519 Technical Design: Generate a Create/Reset Password link

Closed

UIU-521 Forgot Username email

Draft

UIU-522 Edit User Detail Record: Display a Reset Password Email link

Closed

UIU-564 Security: Logging Change Password Updates

Draft

UIU-589 Edit User Detail Record: Display Send a create password email link (Frontend + Backend)

Closed

UIU-590 Frontend: Security: Handling Failed login attempts via Folio Login Screen - Lock Account

Closed

UIU-591 Frontend: Indicate on User Detail record that the User is inactive due to failed login attempts

Closed

UIU-595 Create/Reset Confirmation Modal : Copy link functionality

Closed

UIU-596 Folio Login Page: Display a Forgot username link

Closed

UIU-751 Edit User Detail Record: Display a Reset Password Email link (wire backend to frontend)

Closed

UIU-1120 Validate password when creating a user

Closed

UIU-1506 Edit User Detail Record - Does not send a create password email when no password is present

Closed

FOLIO-1233 Implement refresh tokens

Closed

FOLIO-1359 Ensure that password and PII are secured while in transit

Closed

FOLIO-1371 API Design: A Folio module to send and format emails.

Closed

MODLOGIN-38 Technical Design: Local Password Rules Parameters/Configuration

Closed

MODLOGIN-86 Create/Extend password storage to support retaining last 10 changed passwords a user has saved

Closed

MODNOTIFY-33 Extend mod-notify to support sending password creation/reset/changed password emails

Closed

MODTEMPENG-1 Generate a Change Password email

Closed

MODUSERBL-40 Create/Reset Password link validation

Closed

MODUSERBL-41 Create/Reset password submission

Closed

STCOR-273 Local Password Management: Create/Reset a Password Screen

Closed

STRIPES-541 Create ui-myprofile module

Closed

UIMPROF-4 Access Change my password from Folio Top Toolbar

Closed

UIMPROF-5 If change password is successful then keep Folio session and do not force user to log out

Closed

UIMPROF-20 Implement a Password Strength Meter

Closed

UIU-516 Spike: Select a Password Strength Meter

Closed

UIU-748 Successfully changed password confirmation page

Closed

(44 relates to)

Activity

People

Assignee:: Khalilah Gambrell

Reporter:: Cate Boerema

Analysis Estimator:: Khalilah Gambrell

Front End Estimator:: Jakub Skoczen

Back End Estimator:: Jakub Skoczen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Jan/18 1:21 PM

Updated:: 16/Sep/20 9:17 PM

Resolved:: 15/Jan/19 5:08 PM

Local password management