Simplify secure zone password setup for new users

…follow up question:
Can the ‘Secure Zone Details’ email and ‘Email Confirmation’ email be suppressed (ie: with a param in the action URL or a hidden field)?

…follow up question:
Can the ‘Secure Zone Details’ email and ‘Email Confirmation’ email be suppressed (ie: with a param in the action URL or a hidden field)?

There is no possibility to do this for now. But it can be taken to some improvement sprint if it will be in the public backlog requests :slight_smile:

The confirmation process requires user to get email notification with confirmation token. So only the person who this email account belongs to get access to that token.
But in order to verify the token - user need to go to the site with that token. This action actually confirms the user’s ownership of the email account.
That’s why confirmation page is required.

This is a standard security process for account registration flow.

Ok, I understand.
I guess if we later get the ability to suppress system emails, we can suppress the Secure Zone Details Email and reduce the amount of emails going out to the user.
I’ll write that up as a Backlog Request :slight_smile:

3 Likes

Apparently I’m in the wrong timezone. All the interesting conversation happens at night :slight_smile:

I was actually talking about the workflow of an admin adding a secure zone user, where they don’t sign up via a form with a password. It would be nice if the email a user gets when I subscribe them as a secure zone member would include the link to create a password.

Apparently I’m in the wrong timezone. All the interesting conversation happens at night :slight_smile:

I was actually talking about the workflow of an admin adding a secure zone user, where they don’t sign up via a form with a password. It would be nice if the email a user gets when I subscribe them as a secure zone member would include the link to create a password.

I’m thinking specifically about the case where I migrate over 200 users. It would be very tedious to open each user profile and click a button to send them an email to setup a password.

@Alex_B_Centrifuge
How about a solution when you just send a one time campaign asking to reset their passwords with a link to reset password page of the site?

Is it possible to create to insert a password reset link into an email campaign? If so I would just include that link in the “added to secure zone” confirmation email. i.e. You have been added to x secure zone. If you haven’t yet setup a password please do so now Setup password

@Peter-Schmidt Can you add this to the public baclog?

Sure thing @Alex_B_Centrifuge.
I was waiting for @Adam.Wilson to write it up :slight_smile:

Any further comments on this Adam, before I add it? :slight_smile:

Hey @Peter-Schmidt, I did post this a little while ago.
Not sure if it covers everything discussed here though:

@Adam.Wilson
Ahh - Sorry! Don’t know how I missed that one on my latest “update” - Will add it asap! :slight_smile:

Ha ha, I sneak them in when you’re not looking :wink:

1 Like

:rofl: I KNEW it :smiley:
Have to look harder :eyes:

All sites have system page /request-reset-password

By default it looks like http://prntscr.com/ppmnli

So you definitely can set it in that email campaign and any user can go there, paste their email and request password reset flow.

That seems like a good workaround for the time being.

It would be nice if we could include a link to the actual password setup page, rather than a page to request a password reset email.

The link to the reset password page is /reset-password.
In order for the link to be valid it should include a unique token that will allow to verify each customer and to reset his password. So there could not be a campaign with one same token for all customers in the mailing list.
That’s why there are currently only two ways to reset password:

  • Send campaign to reset password request page
  • Go through each customer in the admin and send password recovery email

The only thing I can suggest is to request via public backlog a feature that will be able to take a list of customers provided by the admin and send password recovery email to each customer in that list.

I’m setting up secure zones for the first time and am confused on the password setup process. I think what is being said is…

when clicking the “SEND LOGIN DETAILS” button from the CRM record you first have to send the user to’ /request-reset-password ’ where the user enters their email address only.

The user then gets sent another email that contains the ‘token’. They then click the link in that email that takes them to ‘/reset-password’ page where they can add a password.

I did try to bypass the first email but if you go straight to /reset-password you get taken to a 404 page.

Is this right?

Looks like the password is being updated but the user is taken to a 404 page. The form code is this:

form class=“system_form” action="/public/api/members/reset-password" method=“POST”

I thought I was getting 404 messages because I didn’t have a secure zone landing page but have now set that up and am still getting 404 page results when the form processes. How can I send the user to a valid page?

I found the solution for this. You need to add a hidden input field to the form.

<input type="hidden" name="redirectURL" value="/my-new-confirmation-page">

I’m still not sure why I’m getting 404 message on all the password reset forms though.