AlayaCare Cloud has several product features designed to offer a safe, secure browsing experience to our users. This article serves as a repository of links to all feature and instructional articles on our password security features and policies.
⚠️ We highly recommend that you follow this article for the latest improvements and changes to our password security features. Click on the "Follow" button above to stay tuned to the latest updates. ⚠️
- Overview of Features
- Secure Password Policy Feature Flag
- Password Expiry Interval
- For system administrators
- For care workers
- Security management specific to Family Portal users
- SSO ("Single sign-on")
- Biometric Authentication
- Frequently Asked Questions
Overview of Features
Features available to tenants who have requested password and security strengthening features are as follows:
- Tenant log in URL remains the same but the log in page is redirected to a keycloak realm specific log in url
- Requirement/reminder of creating a strong password (8 characters, 1 capital letter, 1 lower case letter, 1 digit, and 1 special character)
- Forgot Password functionality
- Remember my email functionality
- Idle session and max session duration management for web and mobile
- The ability to log in via the careworker’s mobile app through a web view
- Careworker’s app refresh token adoption
- Multi-factor authentication
- Authenticator Application
- Email OTP
- Self Serve SSO Configuration
Secure Password Policy Feature Flag
The feature flags accessible via Settings > Features allow system administrators to enable and disable certain features depending on an organization's needs. A Secure Password Policy feature flag is available so that users in the organization can create more complex passwords.
This feature flag requires users to create a password that contains:
- at least 8 characters
- at least 1 capital letter
- at least 1 special symbol
Turning on the feature flag will not affect current passwords as they will remain active. Users within the organization will still be able to log in with their passwords once the secure password policy is enabled.
Refer to this article for more information on our feature flags.
Password Expiry Interval
It is highly recommended that all organizations set up a Password Expiry Interval for its users. This setting is accessible via Settings>System Settings>Safety & Security, and is used to set the number of days after which a user will be asked to change their password.
If an organization has enabled both the secure password policy feature flag and has configured a password expiry interval, once the expiry interval is reached, users who have yet to update their password will not be able to log into their account on either mobile or web. They must then confirm their existing password and create a new, policy-compliant password.
Currently, there is no reminder notification for the password expiry interval. Users will be automatically notified to update their password when the interval is reached.
Refer to this article for more information on the password expiry interval.
For system administrators
- How do I configure Password Expiry at the System level?
- How do I change/reset an Employee username and password on the web?
For care workers
- Type of permission needed to change password from the mobile app
- How do I change/reset my password on mobile?
Security management specific to Family Portal users
SSO ("Single sign-on")
SSO is available only upon request. Please contact your account manager for more information.
Biometric Authentication
Please note that Multi-factor authentication (MFA) is not currently available. We encourage users who are interested in enabling MFA for their organization to share your thoughts on our Ideas Board, accessible via our community form. To learn more about AlayaCare's community forum, refer to this article.
Frequently Asked Questions
If I forgot my password or locked myself out of the system, what can I do?
Please contact your organization's system administrator to change your password for you. Only Family Portal users can reset or update passwords on their own.
How do I change my own password?
You can change your password if you are currently logged into AlayaCare Cloud. You must otherwise contact your organization's system administrator to change your password.
In order to offer a browsing experience with optimal security, we do not currently have a "forgot password" feature on the login screen. We are currently working on a self-served password feature where users will be able to change their own password, whether logged in or not. Stay tuned to this space for news and updates on this feature.
Comments
0 comments
Article is closed for comments.