
Summary

ClinSpark can be configured to let users reset their own passwords. The implementation of this feature set follows industry best practice.

...

Note that this workflow does not apply for user accounts utilizing SSO login/authentication mechanisms.

Demonstration

...

Prerequisites

AWS SES

Starting in ClinSpark version 1.5.0, password reset is supported through AWS Simple Email Service (SES), and no longer relies on SendGrid.

The AWS SES configuration is managed by Foundry Health.

Google reCAPTCHA

Google reCAPTCHA site keys must be established for this feature, because reCAPTCHA is used as anti-spam protection.

This configuration is customer specific and must be put in place by Foundry Health ‘superadmin’ users. If you are unsure of the state of this configuration, please reach out via the service desk for support.

...

Password Reset Email Template

A password reset email template must be configured.  By default, all customer environments will have a standard (default) template established, so there is typically no setup required.

Additional details on this template are presented later in this article.

...

User Account ‘Email Address’

All users that wish to use the password reset feature must have a valid email address defined as part of their profile. Without a defined email address, the feature will not work.

...

If the password reset workflow is not working as described, there are some common error scenarios to review that may help resolve issues.

User waits too long to click the reset link in the email

The reset link provided will only be active for the amount of time defined as part of the system setup (timeout value). Users must click this link before it expires.

If this is a common occurrence, one consideration is to increase the timeout limit defined as part of the configuration under Administration > General Settings > Communications.

User clicks the link in the email multiple times

The reset link in the email (button and URL) is designed to be accessed only one time. After the link has been clicked, it cannot be used again. If the link is no longer active, users must re-initiate the password reset workflow from the ClinSpark login screen.
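
The two link states described above (expired after the timeout, and already used after the first click) can be modelled as follows. This is an added example and not ClinSpark code; the class, method names and status strings are hypothetical, and it assumes the server keeps only a SHA-256 hash of a random token.

```python
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class ResetRecord:
    user: str
    expires_at: float   # issue time + configured timeout (epoch seconds)
    used: bool = False  # set on first successful access


class ResetLinkStore:
    """Hypothetical model of time-limited, single-use reset links."""

    def __init__(self, timeout_seconds):
        if not timeout_seconds or timeout_seconds <= 0:
            # Mirrors the page: without a timeout value the workflow cannot run.
            raise ValueError("password reset timeout duration is not set")
        self.timeout = timeout_seconds
        self.records = {}  # token hash -> ResetRecord

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now):
        # The raw token goes only into the emailed link; the store keeps
        # its hash, so a leaked table does not yield usable links.
        token = secrets.token_urlsafe(32)
        self.records[self._digest(token)] = ResetRecord(user, now + self.timeout)
        return token

    def redeem(self, token, now):
        rec = self.records.get(self._digest(token))
        if rec is None:
            return "invalid"        # unknown or tampered token
        if rec.used:
            return "already_used"   # link was clicked before
        if now >= rec.expires_at:
            return "expired"        # user waited past the timeout
        rec.used = True             # consume the link on first access
        return "ok"
```

Distinguishing "already_used" from "expired" in this way tells support staff whether raising the timeout would help or whether the user simply needs to request a new link.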

Emails are flagged as ‘Junk’ or ‘Spam’

Password reset e-mails may be flagged as ‘Spam’ or ‘Junk’, depending on how filtering rules are applied for the user’s individual inbox or their organization’s mail provider. It is suggested that users be on the lookout for the password reset e-mails and mark them as ‘Not Junk/Spam’ if received as such.

Emails are never received into user inbox

Site organization mail providers have filtering rules in place that would intercept messages coming from an unknown domain or sender. While the password reset emails are safe and legitimate, site IT departments may need to ensure these emails are not blocked. Email messages may come from those defined as part of Administration > General Settings > Communications > E-mail.

Additionally, IT departments may need to whitelist emails and traffic coming from SendGrid, where password reset email links are routed.

Users cannot initiate the password reset workflow

There are some possibilities leading to this scenario:

  • Users do not have an email address defined in their ClinSpark account. A valid email address must be present on the user account requesting a password reset.

  • The system setting for ‘password reset timeout duration’ is not set. This setting must have a defined value in order for the password reset functionality to work.

  • Sites have the option of providing background images to appear at the ClinSpark login screen. Some background images may make it difficult to see the ‘reset password’ link once it becomes active. These images can be changed if necessary.

Modifying the email template

The default password reset email template present in customer configurations should be sufficient for all users of the application. It is based on the ‘Basic’ template layout provided by the Postmark open source project, available here: https://github.com/wildbit/postmark-templates

...