跳至主要內容
OCLC Support

Set / reset with temporary password

Allow Folio end users to request and reset their own passwords, so that library staff do not need to set the users’ passwords.

The Reset Password facility enables you to allow your users to set and reset their own passwords, so that library staff do not need to set the users’ passwords initially, and so that your users don’t have to divulge their password to library staff in order to log into Folio and use the end user services such as reservations and renewals.

The Reset Password facility can be configured in one of two ways:

  • to send an email containing a temporary password to the user, which the user then uses to log into Folio and set or reset his/her password on the Account Details screen
  • to prompt the user to set or reset his/her password directly

The first option is a much more secure option and is described here. Alternatively see set or reset password directly

Workflow in Folio

If you enable Reset Password in OLIB, the Set/Reset Password option displays on the Folio Logon form:

image1178.jpg

When the user clicks the Set/Reset Password link Folio requests their user barcode or "usual login field".

On entering the barcode, Folio then asks for their email address and other security question(s) you may have configured. On submitting the correct information, Folio responds:

Folio has sent you a temporary password that will expire in [24] hours

- depending on configuration settings

The end user would receive an email or SMS such as:

Your Folio temporary password is:

TEWT7KRQ2Z

This password is usable for the next 24 hours, until 22-Jan-2018 14:41.

The end user then logs in to Folio using their library barcode and the temporary password. They should access their Account details in Folio and double-click the Password field. Folio prompts them to enter a New Password and to Confirm Password.

Enable login option on the Folio menu

To make the Login option display at the top of the Folio screen, you need to check this setting is enabled, or enable it

  1. Go to OPAC> Configuration Settings.
  2. Use the search Configuration Settings by Setting to find allow_login.
  3. If the setting does not exist, click New Record to create it.
  4. Edit the following fields to include these values:
field Value
Ini File / Config Block g_menu
Value "Y" (encase in double quotes)
Include

 

To specify the name of the Login option

  1. Go to OPAC> Configuration Settings.
  2. Use the search Configuration Settings by Setting to find page_title_login.
  3. If the setting does not exist, click New Record to create it.

  4. Edit the following fields to include these values:
field value
Ini File / Config Block login
場景 page_title_login
Value "Login" (encase in double quotes)
Include

Password configuration on the login form

The following settings are required to configure the login form correctly, for example:

image1179.jpg

  1. Go to OPAC> Configuration Settings.
  2. Use the search Configuration Settings by Setting to find the following settings.
  3. If the setting does not exist, click New Record to create it.
  4. Edit the following settings to include these values:

 

場景 Purpose Fields 價值觀
password_required

Make the Password field mandatory on the Login form and set the text to display if someone is logging in without entering a password.

Note: Users without passwords in their User record will then no longer be able to log in.

The Login form will show a mandatory password field (*) as soon as the user clicks the Login option.

Ini File / Config Block login
場景 password_required
Value "You must enter a password to log in. If you have not yet set your password, ask a member of library staff for the temporary password, then click the Set/Modify Password link to set your own password"
Include?
password_reset_link Define the text of the Set/Modify Password link Ini File / Config Block login
場景 password_reset_link
Value "Set/Reset Password?" (encase in double quotes)
Include?
password_reset_allowed Configure the login form to display the Set/Modify Password link Ini File / Config Block login
    場景 password_reset_allowed
    Value true
    Include?

Configure a password reset email notice or SMS

A default example notice is provided.

  1. Go to Alerting> Notices.
  2. Search %password to retrieve either

Example Password Reset Email Notice

Example Password Reset SMS Notice

  1. Create a copy of the example and edit the Notice Text and Subject line of your copy as required.

 Do NOT set Enabled=Yes in this notice. OLIB will still send it to the user when he/she clicks the Reset Password option in Folio. (If you set Enabled =Yes, the message will be sent to the user every time the library edits their user record). 

Configure password reset validation details in OPAC Defaults

In Folio, these prompt the user for some information to validate themselves when they click Set/Reset Password.

  1. To configure these go to either:
  • System Administration> OPAC Defaults (system-wide)
  • OPAC> Password Reset Options (at Location level)

 

Field name 說明
Min. Validity (mins) Minimum time allowed between password resets
Max Validity (hours) Temporary password validity (before it gets ignored)
Temporary password complexity Letters only, numbers only, both, anything printable
Length Temporary password length
Potential validation fields

List of user fields to validate the password reset request. One or more from the following ending in semi-colon

postcode (for any address) - borrowers.note1-10 (labelled as security questions on account details) - last 4 digits of phone number (home, office or mobile) - barcode of an item currently on loan - outstanding balance - borrowers.identification

- an old password (by extending the User Update Audit Trail to record encrypted versions of old passwords: thus this is “from here on ...” and cannot be used for passwords the user had prior to OLIB9 SP6)

E.g:

postcode;phone;note1;

You can also include any column name from the BORROWERS table by adding “_” (underscore) to the column name. For example fname_ for the user’s forename. In addition, a more user-friendly label is preferably created for this in g_forgotten_password (fname_label setting) such as “Forename”.

A system secret string (see below) can be entered instead of or as well as other validation fields. To use this, enter the text

secret;

...followed by semi colon.

No. Fields to request Enter the number of user fields to request that should be validated (‘x’)
No. Fields to validate Enter the number of user fields to require correct validation (at least 1)
Password Reminder Field Optional configuration of a field (e.g. one of the note fields) for the user to store a password reminder comment. If this field is populated, display it as a hint for the password field on the login form. Do not allow the password reminder and the password to have the same value.
Preferred Notice, Alternative Notice To User Select a preferred alert notice to use and an alternative (if the user does not have suitable contact information for the preferred notice)
Notice to Library Select the notice that will be used if the user does not have suitable contact information for either notice.
  1. Next, go to OPAC> Configuration Settings.
  2. Select the search Folio Configuration Settings by Setting.
  3. Search usdetails (user details array).
  4. Open the "mailid" option (Value MAILID EM EMail address) and set Include=Y.

 Review "forgotten_password" settings

These can be found in g_forgotten_password and can be edited as required. These set the text of the headings for the various pop up boxes presented to the user when they click Set/Reset password.

Note, if a setting does not exist in g_forgotten_password you can create it in OPAC> Configuration Settings.

Go to OPAC> Ini Files / GCBs and search for g_forgotten_password:

場景 Value
email_label "Enter your student email address"
first_password "ask user" Set Include=No
passreset_page1_heading (setting ID 605882) e.g. “Please enter your user number and click ‘Continue’ to proceed”
passreset_page2_heading (setting ID 605881) e.g. “Please provide the requested information to confirm your identity, and click ‘Continue’ to receive a temporary password”
password_reset_advice

(setting ID 605850) e.g. “You have been sent a temporary password that will expire in 24 hours”

Change this to correspond to the time you specified in OPAC Defaults.

password_unrecognised_barcode If the user enters an unrecognised barcode when prompted, Folio displays the message "The user ID that you entered is not recognised. You must contact the library for them to assign you a valid user ID". If you want to change the message, create this setting in OLIB, with your preferred text contained in the Value field in double quotes. (Sequence 1=1, Sequence 2=0).
secret_label "Enter the temporary password you have been given by the library staff"
temp_password "ask user" Set Include=No

Note: where the above settings are requesting that the end user enters some private data, you can obscure this data while the user is entering it. Open the relevant setting and set Value 2 = "hidden".

Enable the option to allow users to set their password for the first time (g_forgotten_password)

Use the settings:

first_password set Include=No

temp_password set Include=No

Enable the prompt for email (g_forgotten_password)

You will probably need to create the setting email_label. This is the Email field presented to the user during reset.

Enter a random high number, e.g. 5298, in Sequence 1, and 0 in Sequence 2.

For temporary passwords (g_forgotten_password)

Optionally, create the setting secret_label, with Include = Y and with Value 2 = "hidden" (obscuring the text when the end user is entering the temporary password).

Configure Folio Account Details screen

The password entry and confirmation fields on the Folio Account Details screen will be required. This will allow users to change their password in Account Details after they log in to Folio.

  1. Go to OPAC> Configuration Settings.
  2. Select the search Folio Configuration Settings by Setting.
  3. Search for usdetails to display the options in the hitlist.
  4. Modify the one that relates to the password field (with “password" at the beginning of the Value field).
  5. Set Value to
"password E <view>Password</view><edit>New password:<br/>Confirm password:</edit>".
  1. Ensure that Include? = Yes, and save your changes.

Note: the above example includes the HTML line break tag (<br/>) immediately preceding the Confirm password string. Do not remove it.

(The text between the <view>…</view> tag is displayed when the Password field is displayed in read-only mode. The text between the <edit>…</edit> tag is displayed when the Password field is displayed in modify mode, i.e. after the user has double-clicked Password).


This completes the basic configuration for Set/Reset Password.