3.1.1. Password Recovery

Prerequisites:

  • Only supports local users, not applicable to Active Directory / LDAP users where all their credential settings should be managed on Domain controller / LDAP server.

  • The feature authenticates local users via email to reset their own password (assuming user was registered with a valid email on MetaDefender Core, if not then user should update their email properly on User Management page), and therefore it is mandatory for MetaDefender Core's administrators to follow steps at 3.12. Configuring mail settings and ensure all SMTP configurations set properly beforehand. Otherwise, expecting users to hit following warning message when trying to reset their password:

images/download/attachments/39346431/image2019-5-3_12-52-19.png

How This Feature Works

Just in case MetaDefender Core user credentials are lost or forgotten, basically any local user (not AD / LDAP) will be supported to reset their password by either one of two methods:

  • Forgot password (active): Any local user can choose to reset their own password.

  • Reset password by administrators (passive): Any local user's password can be reset by administrators.

Both methods requires authentication via email, and force the affected user to change their password at the first login time for security reason.

Forgot Password

Any local user registered with email on MetaDefender Core should be able to reset their own password by clicking on Forgot password? link on login page.

images/download/attachments/39346431/image2019-5-2_14-29-3.png

Login page

You will be redirected to Recover Password page.

images/download/attachments/39346431/image2019-5-3_16-32-28.png

Forgot Password page

An email with password reset link will be sent to user's registered email entitled "MetaDefender Core Password Reset".

images/download/attachments/39346431/image2019-5-3_16-5-44.png

Email with link to reset password

If that user don't take any action, the link on email will be expired in 3 days, and since then if that user uses that expired link will result in following message on MetaDefender Core management console:

images/download/attachments/39346431/image2019-5-3_16-28-0.png

While the link is still valid, clicking on link will redirected to MetaDefender Core management console where user will be forced to create a new password:

images/download/attachments/39346431/image2019-5-2_14-53-23.png

Reset Password page

You will be automatically redirected to MetaDefender Core dashboard after resetting password successfully.

Reset Password By Administrators

As an administrator, you are now supported to reset password of any local user on MetaDefender Core, it could be either other local user (admin / non-admin) or even oneself.

Go to User Management → under USER AND GROUPS, choose which user to reset password → click RESET PASSWORD button

images/download/attachments/39346431/image2019-5-3_17-4-30.png

Admin to RESET PASSWORD

Then administrator must create a new password by clicking Generate link or typing any text in the text-box.

Click RESET PASSWORD button once done.

images/download/attachments/39346431/image2019-5-2_15-54-14.png

Admin to generate a new password

An email titled "MetaDefender Core Password Reset" will be sent to user's email. Please check the inbox to collect a temporary password.

images/download/attachments/39346431/image2019-5-3_16-7-48.png

Email with temporary password

When the impacted user tries to log into MetaDefender management console afterwards with the provided temporary password in the email at the first time, that user will be redirected to page where they are required to change their password.

images/download/attachments/39346431/image2019-5-3_16-36-55.png

Change Password page

Once successfully changed the password, the user will be automatically redirected to the MetaDefender dashboard.