Table of Contents

Force Users to Reset Their Passwords

Danielle Kellogg Updated by Danielle Kellogg

Scenario

You want to force users to reset their password the next time they log in.

This can be accomplished using page rules and record rules. Depending on your plan, this requirement may also be accomplished by using a built-in Knack security setting.

Requirements

Users will need to be activated in your app.

If this your first time creating an app, you'll need to know some basics about adding objects, fields, pages, and views. You can start by reading our Builder Basics section

Other good resources can be found in our designing the database and building pages sections of the knowledge base.

Steps

Field to Track Who Needs to Reset Their Password

Start by creating a Yes/No field to track which users should be resetting their passwords. The field needs to be added to the main object at the top of the User Roles section in the builder and can be called something like "Reset Password?" or "First Login?":

The Accounts object may be called something else in your app. As long as you add the field to the top object in the User Roles section, you'll be able to implement the steps in this article.

If you want all new users to have to reset their passwords, then you can set the default value to "Yes" in the field you created:

Page for Resetting Their Password

Now that we've established how we'll track which users need to reset their passwords, we'll need to set up a page where users will go to reset their passwords.

This can be a new page you create or an existing page. 

Creating a new page

To create a new page for resetting passwords, click the green "+" button next to User Pages in the Pages section of the Builder.

In the page creation wizard, you'll want to use the following settings:

  • For user access: Give permission to all users
  • Then name your page whatever you like

Now click on the form that was created on your new page to open the form editor. Add the Password field to the form.

With the password field, you can choose to allow users to reset their passwords one of two ways:

  1. Require the user to enter their old password before setting up their new password.
  2. Require the user to enter a new password only.

To set either option, edit the password field by clicking the pen icon on the field in the form preview and check the appropriate boxes from the Password Actions.

Using an existing page

Many users have the default Account Settings page in the user pages section, which is already set up for users to reset their passwords:

If you want to use another existing page, then you'll want to be sure that it includes a form like the one created in the "Creating a new page" section right above this one.

Page Rule to Redirect Users

With the reset password page created, we'll need a way to prompt users to reset their passwords the next time they log in. This can be done using a page rule on the page(s) where users can log in.

For example, in our Members Directory app, we have two pages that require a login: Members and Admin. So we're going to add a page rule to both pages.

The page rule will redirect any users who need to reset their passwords to the page created for resetting passwords. To add a page rule to a page, select the page from the page tree and then click on the Rules tab at the top.

The page rule will have the following settings:

  • When Accounts > Reset Password? is Yes (you'll select the field you created in step one)
  • Action Redirect to an existing page
  • Page Reset Password (you'll select the page you created in step two)

Record Rule to Update Users

Finally, we need to mark the users who've reset their password so they're not redirected to reset their passwords again the next time they log in. This can be done using a record rule on the reset password form.

To add a record rule, go to the password reset page you created and click on the password reset form to open the editor.

Select the Rules section in the view editor and then click on the Record Rules tab.

The record rule will have the following settings:

  • Action Update this record
  • When Every form submission.
  • Values Set Reset Password? to a custom value No

Optional Feature

Page Rule to Show Message on Reset Password Page 

You may also want to consider adding a second page rule & action to this workflow to ensure that your user know what to do when the arrive at the Reset Password page.

  • When Accounts > Reset Password? is Yes
  • Action Show a Message
  • Message "You must set a new password." (or similar).

How did we do?

Save a User's Payment Method

Contact