Articles in this section

Force Users to Reset Their Passwords

Avatar
Odalis
Updated
Follow

Scenario

You want to force users to reset their password the next time they log in.

This can be accomplished using page rules and record rules. Depending on your plan, this requirement may also be accomplished by using a built-in Knack security setting.

Requirements

Users will need to be activated in your app.

If this your first time creating an app, you'll need to know some basics about adding fields and pages. You can start by watching our "Introducing Knack" video tour, and then reading through the Data: About Your Database and Pages: About Your Live App articles.

Steps

Field to Track Who Needs to Reset Their Password

Start by creating a Yes/No field to track which users should be resetting their passwords. The field needs to be added to the main object at the top of the User Roles section in the builder and can be called something like "Reset Password?" or "First Login?":

Note: The Accounts object may be called something else in your app. As long as you add the field to the top object in the User Roles section, you'll be able to implement the steps in this article.

If you want all new users to have to reset their passwords, then you can set the default value to "Yes" in the field you created:

Page for Resetting Their Password

Now that we've established how we'll track which users need to reset their passwords, we'll need to set up a page where users will go to reset their passwords.

This can be a new page you create or an existing page. 

Creating a new page

To create a new page for resetting passwords, click the +ADD button next to User Pages in the Pages section of the builder.

In the page creation wizard, you'll want to use the following settings:

  • For user access: Grant permission to every user
  • For which records: Accounts object (of whatever your main user role object is called)
  • For which views: A form to edit the object
  • Then name your page whatever you like

Now click on the form that was created on your new page to open the form editor. Add the Password field to the form.

With the password field, you can choose to allow users to reset their passwords one of two ways:

  1. Require the user to enter their old password before setting up their new password.
  2. Require the user to enter a new password only.

To set either option, edit the password field on the form and check the appropriate boxes from the Password Actions:

To see the complete process for creating a password reset page, take a look at this video:

Using an existing page

Many users have the default Account Settings page in the user pages section, which is already set up for users to reset their passwords:

If you want to use another existing page, then you'll want to be sure that it includes a form like the one created in the "Creating a new page" section right above this one.

Page Rule to Redirect Users

With the reset password page created, we'll need a way to prompt users to reset their passwords the next time they log in. This can be done using a page rule on the page(s) where users can log in.

For example, in our Members Directory app, we have two pages that require a login: Members and Admin. So we're going to add a page rule to both pages.

The page rule will redirect any users who need to reset their passwords to the page created for resetting passwords. To add a page rule to a page, select the page from the page tree and then click on the Rules tab at the top.

The page rule will have the following settings:

  • When Accounts > Reset Password? is Yes (you'll select the field you created in step one)
  • Action Redirect to an existing page
  • Page Reset Password (you'll select the page you created in step two)

Note: The Page Rules feature is only available on the Pro plan or above. You can learn more at our Pricing page here: https://www.knack.com/pricing.

Record Rule to Update Users

Finally, we need to mark the users who've reset their password so they're not redirected to reset their passwords again the next time they log in. This can be done using a record rule on the reset password form.

To add a record rule, go to the password reset page you created and click on the password reset form to open the editor.

Select the Forms Rules section on the left and then click on the Record Rules tab.

The record rule will have the following settings:

  • Action Update this record
  • When Every form submission.
  • Values Set Reset Password? to a custom value No

Optional: Page Rule to Show Message on Reset Password Page 

You may also want to consider adding a second page rule & action to this workflow to ensure that your user know what to do when the arrive at the Reset Password page.

  • When Accounts > Reset Password? is Yes
  • Action Show a Message
  • Message "You must set a new password." (or similar).

Related articles