Managing passwords

Users need a password to log in to Haiilo. Passwords can be encrypted in Haiilo's database, synced from a directory, or matched with an external service by OpenID. The way users are created determines how the password is stored. The instructions in this article apply to user accounts created locally or from a CSV file.

Users created as: Password stored in:
Local users created on the platform Haiilo's database

Imported from a CSV file

Haiilo's database

Synchronized from a user directory (e.g., Microsoft Entra ID)

Your company's user directory

Users synchronized from a user directory use the password from your directory. Haiilo cannot see or overwrite their password. The rules for your user directory determine password requirements, including the frequency of password changes. If a user forgets their user directory assigned password, they need to contact your internal IT department for assistance.

Set a password

As a user

As a local user or user imported from a CSV file, you are prompted to reset your password on your first login. You need to set a password that meets Haiilo's password policy: at least six characters including one number. 

Later, you can change your password in your account settings if you have "Manage account settings" permission.

You can change the password policy using Haiilo's API. After this, your defined policy is used for your platform instead of Haiilo's policy. In this case, it's recommended that you update the password requirement messages by changing the interface translations.

As an admin

As an admin, you can set a password for a user as follows.

  1. Go to Administration > User management > Users
  2. Search for the user and select Edit
  3. Set a password that meets the requirements
  4. Share the password with the user
  5. When the user logs in with the password, they are asked to set a new password.

admin set password.png

Reset a forgotten password

You can select Forgot Password? on the login screen if you have forgotten your password. You are presented with two options:

  • Yes, send me a recovery link: You can receive a recovery link to your account email address. Enter your email address in the provided field and request the link. The link is valid for one hour. You can only receive a recovery link email if your account has been activated on the platform and has an email address attached to it.
  • No, please contact me: You can ask a superadmin to get in touch with you. This option is intended for users without a permanent email address on the platform. Enter your contact details so that a superadmin can contact you.
    • The user receives a confirmation that their contact details have been forwarded to the superadmins.
    • The superadmins receive an email notification that a user has requested a new password. The email contains the user's contact details. The superadmin can manually set a new password for the user.

Was this article helpful?