Admin User - Password Management Scenarios DRAFT (WIP)

Owned by Former user (Deleted)
Last updated: 15 Dec 2017
2 min read


There are 2 scenarios whereby password reset needs to be completed for a TIS user

  1. Forced Password reset on first login - TIS users may already have a login to Intrepid, this cannot be transferred across to TIS so they will be set up as a new user within TIS. When this is done, they will be required to set up a secure password.
  2. Forgotten Password - TIS users may find themselves unable to login as they have forgotten their password, they will be able to request a password reset directly.


Scenarios

Process NamePM - 1 Force Password ResetComments
DescriptionTrigger to request user resets their password for first login into TIS
Actors

TIS Development Team

TIS Admin Team

TIS user (all types)


Pre-Conditions

User account set up in TIS

User email known


Post-ConditionsPassword changed on first login
Process Steps
  1. Define users
  2. Select to send auto generated generic password to all
  3. Send password via email
  4. User clicks login link in email
  5. System presents login screen
  6. User enters username and auto generated password
  7. System prompts user to change password
  8. User enters new password twice
  9. System confirms changed password
  10. System logs user into TIS

Alternative Process

PM-2 User loses the email / temporary password does not work; request password reset


Rules
  • Auto generated password must not be displayed to the TIS Dev Team or TIS Admin Team
  • New password must contain: letters and numbers in any combination
  • Auto generated password does not expire
  • Present error message where incorrect password entered
  • Present error message where incorrectly formatted new password entered
Joanne Watson (Unlicensed), Alistair Pringle (Unlicensed) - please confirm rules
JIRA Reference

Audit



Process NamePM - 2 Request Password ResetComments
DescriptionUser requests to change their password directly in TIS 
ActorsTIS User
Pre-Conditions

User account set up in TIS

User email known


Post-ConditionsPassword changed
Process Steps
  1. User navigates to login screen
  2. User selects "Forgotten Password" link
  3. Request triggers password autogeneration
  4. System sends password via email
  5. User clicks login link in email
  6. System presents login screen
  7. User enters username and auto generated password
  8. System prompts user to change password
  9. User enters new password twice
  10. System confirms changed password
  11. System logs user into TIS

Alternative ProcessN/A
Rules
  • New password must contain: letters and numbers in any combination
  • Present error message where incorrect password entered
  • Present error message where incorrectly formatted new password entered
Joanne Watson (Unlicensed), Alistair Pringle (Unlicensed) - please confirm rules
JIRA Reference

Audit

Process NamePM-3 User Changes PasswordComment
DescriptionUser is able to decide to change their password at any timeDo we want password changes to occur every so often?
ActorsTIS User
Pre-Conditions

Post-Conditions

Process Steps

Alternative Process

Rules

Jira Reference

Audit




Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213