Users need a password to log in to Haiilo. Passwords can be encrypted in Haiilo's database, synced from a directory, or matched with an external service by OpenID. The way users are created determines how the password is stored.

Users synchronized from a user directory use the password from your directory. Haiilo cannot see or overwrite their password. The rules for your user directory determine password requirements, including the frequency of password changes. If a user forgets their user directory assigned password, they need to contact your internal IT department for assistance.

The following instructions apply to user accounts created locally or from a CSV file.

Set a password

As a user

A local user or user imported from a CSV file is prompted to reset their password on the first login. Later, they can change their password in their account settings. They set a new password that meets Haiilo's password policy:

• A minimum of six characters
• At least one number

You can change the password policy using Haiilo's API. After this, your defined policy is used for your platform instead of Haiilo's policy. In this case, it's recommended that you update the password requirement messages by changing the interface translations.

If a user cannot change their password, ensure the user has the "Manage account settings" permission.

As an admin

As an admin, you can set a password for a user.

1. Go to Administration > User management > Users
2. Search for the user and select Edit
3. Set a password that meets the requirements
4. Share the password with the user
5. When the user logs in with the password, they are asked to set a new password.

Forgot a password

Users can select Forgot Password? on the login screen if they have forgotten their password. The user is asked if their user account has an email to receive a recovery link, and based on this, have to choose:

• Yes, send me a recovery link: To receive a recovery link to the email address of their Haiilo account. If this is chosen, the user enters their account's email to receive the recovery link. The link is valid for one hour. Users can only receive an email if their account has been activated on your platform.
• No, please contact me: To have a superadmin contact them. This option is intended for users without a permanent email address in Haiilo. They enter their contact details so that a superadmin can contact them.
  • The user receives a confirmation that their contact details have been forwarded to the superadmins.
  • The superadmins receive an email notification that a user has requested a new password. The email contains the user's contact details. The superadmin manually sets a new password for the user.