Details
-
New Feature
-
Status: Closed (View Workflow)
-
P2
-
Resolution: Done
-
None
-
None
-
customfield_11200 15089
-
Medium < 5 days
-
XL < 15 days
-
Large < 10 days
-
KG: 5/30/2018 Updated what feature covers. Probably need to re-estimate Frontend and Backend.
-
Vega
-
-
R1
-
R1
-
R5
-
R4
-
R2
-
R1
-
R1
-
R1
-
R4
-
R1
Description
Feature requirement: Define and implement Folio local username/password management policies and workflows.
Assumption
Assumption from UM SIG has been that only FOLIO operators need passwords.
Feature covers the following
- Valid Password requirements
- Validate password against bad password list(s) / dictionary(ies)
- Log/Audit password (failed)
- Support locking out a user who failed to login after successive attempts
- Password strength meter
- Workflow: Create Password
- Workflow: Reset Password
- Workflow: Change Password
- Workflow: Locate my username
- Ensure a user with SSO enable cannot have a local username/password
Mockups
Kimie mockups: https://drive.google.com/drive/folders/0By8ccf5VV4EWNnppQkRGSHZuSjg
TestRail: Results
Attachments
Issue Links
- relates to
-
MODLOGIN-30 Update Status Field to also control access to Folio with local username/password
-
- Closed
-
-
MODLOGIN-33 Prevent Local Password Re-Use (at least the last 10 passwords)
-
- Closed
-
-
MODLOGIN-35 Select a bad password list(s)
-
- Closed
-
-
MODLOGIN-36 Security: Logging to support local password management (Technical design)
-
- Closed
-
-
MODLOGIN-41 Backend - Security: Handling: Failed login attempts - Lock Account
-
- Closed
-
-
MODLOGIN-42 Security: Counting Failed login attempts
-
- Closed
-
-
MODLOGSAML-32 Update Status Field to also control access to Folio via SSO
-
- Closed
-
-
MODPWD-51 Implement a bad password list(s)
-
- Closed
-
-
MODTEMPENG-5 Reset a Password Email Template
-
- Closed
-
-
MODTEMPENG-8 Create a password email template
-
- Closed
-
-
STCOR-275 Folio Login: Forgot password page
-
- Closed
-
-
STCOR-276 Folio Login: Forgot username page
-
- Closed
-
-
UIMPROF-2 Create My profile landing page
-
- Closed
-
-
UIMPROF-3 Create Change Password page
-
- Closed
-
-
UIMPROF-13 Change Password: Prevent Local Password Re-Use (at least the last 10 passwords)
-
- Closed
-
-
UIP-1 Figure out UX for settings vs. preferences
-
- Closed
-
-
UIU-344 Can't Create a New User Unless You Specify a Password
-
- Closed
-
-
UIU-508 Data Feed: Add a flag to indicate if the user record can have a local password
-
- Draft
-
-
UIU-513 Update Status Field to also control access to Folio
-
- Closed
-
-
UIU-514 All passwords stored must be encrypted (Change Password verification)
-
- Closed
-
-
UIU-515 All passwords must be encrypted on transit
-
- Closed
-
-
UIU-519 Technical Design: Generate a Create/Reset Password link
-
- Closed
-
-
UIU-521 Forgot Username email
-
- Draft
-
-
UIU-522 Edit User Detail Record: Display a Reset Password Email link
-
- Closed
-
-
UIU-564 Security: Logging Change Password Updates
-
- Draft
-
-
UIU-589 Edit User Detail Record: Display Send a create password email link (Frontend + Backend)
-
- Closed
-
-
UIU-590 Frontend: Security: Handling Failed login attempts via Folio Login Screen - Lock Account
-
- Closed
-
-
UIU-591 Frontend: Indicate on User Detail record that the User is inactive due to failed login attempts
-
- Closed
-
-
UIU-595 Create/Reset Confirmation Modal : Copy link functionality
-
- Closed
-
-
UIU-596 Folio Login Page: Display a Forgot username link
-
- Closed
-
-
UIU-751 Edit User Detail Record: Display a Reset Password Email link (wire backend to frontend)
-
- Closed
-
-
UIU-1120 Validate password when creating a user
-
- Closed
-
-
UIU-1506 Edit User Detail Record - Does not send a create password email when no password is present
-
- Closed
-
-
FOLIO-1233 Implement refresh tokens
-
- Closed
-
-
FOLIO-1359 Ensure that password and PII are secured while in transit
-
- Closed
-
-
FOLIO-1371 API Design: A Folio module to send and format emails.
-
- Closed
-
-
MODLOGIN-38 Technical Design: Local Password Rules Parameters/Configuration
-
- Closed
-
-
MODLOGIN-86 Create/Extend password storage to support retaining last 10 changed passwords a user has saved
-
- Closed
-
-
MODNOTIFY-33 Extend mod-notify to support sending password creation/reset/changed password emails
-
- Closed
-
-
MODTEMPENG-1 Generate a Change Password email
-
- Closed
-
-
MODUSERBL-40 Create/Reset Password link validation
-
- Closed
-
-
MODUSERBL-41 Create/Reset password submission
-
- Closed
-
-
STCOR-273 Local Password Management: Create/Reset a Password Screen
-
- Closed
-
-
STRIPES-541 Create ui-myprofile module
-
- Closed
-
-
UIMPROF-4 Access Change my password from Folio Top Toolbar
-
- Closed
-
-
UIMPROF-5 If change password is successful then keep Folio session and do not force user to log out
-
- Closed
-
-
UIMPROF-20 Implement a Password Strength Meter
-
- Closed
-
-
UIU-516 Spike: Select a Password Strength Meter
-
- Closed
-
-
UIU-748 Successfully changed password confirmation page
-
- Closed
-