How Users can reset their own password using the 'Forgot Password' link on the Login page:
- Navigate to your organization's unique Litmos login page.
- Select "I've forgotten my username/password" link located below the Login button.
- Enter your Username and click "Continue".
- An email will be sent with a link to reset your password and log into the system.
Note: Once the link in the password reset email has been used, it will expire. To login to Litmos after your password has been reset, login with your username and (new) password.
How a User Can Reset Their Own Password while Logged In:
- Click "My Profile & Settings" from the top right of the screen.
- Click the "Edit my profile" link from the right.
- Type your old and new password in the Password and Confirm password fields.
- The system will log you out and you'll be able to log in with the new password.
Note: The restriction for passwords is eight characters, one uppercase, one lowercase, one number, and one special character.
How Administrators can manually reset a User's password:
- Navigate to the People tab.
- Select the name of the Person.
- From the right side, select Options, then Reset password.
- At this point you have two options:
- Email a Link: Send a reset password email to this person with a unique link to login and reset their password.
- Reset Password: Manually enter a new password in the Reset password section and tell the user what it is (no email will be sent to the user).
An account will lock after 5 failed login attempts with incorrect username or password combination.
How a User can unlock their own locked user account:
The learner sees a pop-up link that says: 'Your account is locked. Please use the link to reset your password'. The user will click the link and enter their correct username and a reset link will be emailed to the learner.
How an Administrator can unlock a User's locked account:
To reset the user's locked account, and Administrator needs to reset the learner's password manually from within the People tab as outlined in the section above.
Passwords can be set to expire after a predefined interval. The default interval is 90 days, but this interval can be configurable by the Account Owner at: Account Settings,>Login,>Login Expiration. If the default interval is not configured to a specified interval (min = 30 days, max = Never expires), then the first time any user will be required to change his/her password will be on the 91st day. This password change interval is enforced from date any user changes his/her password.
Note: If an Administrator resets a user's password, the user will be forced to change the password on the next their login attempt.
Users are not allowed to reuse any of their previous 5 passwords. Account Owners now have a new setting to manage password re-use, and can specify the minimum and maximum re-use limits (min = 3, max = 10).
Strong Password Requirement:
Strong passwords are enforced for all users. If a user’s password currently does not meet the minimum security standard for strong passwords (1 upper case, 1 lower case, 1 number, 1 special character, minimum 8 total characters), then that user will be required to meet these password security settings the next time the user updates his/her password.
Configurable Login Settings available to the Account Owner:
The following configurable login settings are available to the account owner in the
Account Profile -> Login Settings:
Password Expiration FAQ:
Do I have the ability to turn off the password expiration for users?
Yes, there is an option to turn off the password expiration by selecting the 'Never' option. However, for SAML SSO and Google integration authentication the Litmos password expiration does not come into effect.
Will users get an email notification to reset their password before it expires?
There is no email notification sent for password expiration. Instead, users are notified of the pending password expiration from the Litmos login page starting 7 days prior to date of expiration.
Are users required to reset a password if they authenticate via SSO?
No. Authenticating via SAML SSO or the Google integration authentication does NOT require any password resets. However, if an Administrator changes a password manually in Litmos, the user would be directed to the welcome page to create a password.
Will users be prompted to reset password on the Mobile App?
If users login via the Litmos Training Mobile App currently, they will not be prompted to change password but will be authenticated into the app. This is subject to change.
Login via a mobile web browser on an iOS or Android device, the user will be required to change their password upon password expiration and will be required to re-enter their login credentials with the new password before you being redirected to the Litmos Training Mobile app if the 'Force launch into App' setting is turned on. If a user's password is expiring in X days, then clicking on the "Skip" option will simply redirect user to the Litmos Training Mobile app if the 'Force launch into App' setting is turned on.
Will users be required to update passwords if they are a SFDC user accessing the managed package visualforce page?
No. Useres logging in via Oauth token in the iFrame integration, are not subject to Litmos password expiration and resets.