2020-04-29 User Management Meeting Notes

Owned by Maura Byrne
Apr 29, 2020
3 min read

Meeting URL

https://zoom.us/j/488543197


Date

29 Apr 2020

Attendees

Maura Byrne

Uschi Klute

Jana Freytag

patty.wanninger

Brooks Travis

Catherine Smith

Philip Robinson

Khalilah Gambrell

Nancy Burford


Goals (Agenda)

  1. Continue discussion regarding password fields in the User record, especially when it comes to adding a user directly into FOLIO that isn't part of a central IdP.
  2. Update on password strictness
  3. Update on Custom Fields

Notes

Agenda item 1 - How to set or reset a password in the UI, especially for someone who is not in the institutional IdP.

  • People reported trouble using the "reset password" email link for setting up new users in FOLIO.
    • There is no longer a password field in the UI, or at least it will be gone by the Goldenrod release.  No one will be able to set a password in the Users module.  That will have to be done by clicking on the "reset password" email link.
    • People who have tried to use the link have not had success, either in getting the link or using it to reset a password.
      • We learned that this is a result of loading a user via the API rather than the UI.  Users are added with the password having a NULL value, which can't be overwritten by the code in the link. 
      • There was some discussion of removing the password field entirely.
    • The text on the button and in the email say that it's resetting a password.  For newly-created users, that's a confusing term for staff and for users.
    • Patty was able to log into the sandbox, create a user, and then use the email link to set the password.  (She copied it and pasted it into a new browser tab.)
    • There might be a demo on this in the spring.

Action item/Result

  • The requirement, as stated by Uschi and Jana is the following:
    • Patrons should be able to enter the Library from off the street, unaffiliated with an institutional IdP, and set up a user record so they can access the Library's resources.
      • Chalmers has set up an app that allows a user to enter their personal information, and email themselves a change password link.  That process might suffice for those who want this function.
      • This app also stores the password itself, bypassing the password rules in the Users module.
  • USEFUL INFORMATION:  If a FOLIO user record is part of an institutional IdP, and the user can access FOLIO through SSO, they can also use another password in the user record.  The password field in the User record does not have to be blank to use SSO.

Agenda item 2 - Report on strictness of password requirements

  • Prior to Fameflower, password rules were very strict, disallowing the following:
    • characters next to each other on the keyboard (asdf, qwer, etc.)
    • repeating characters (wwwwwwww)
    • white space ('what ho', 'O! Pioneers')
  • Now each of these strictures can be configured at the tenant level.  Each tenant can open up or lock down as it sees fit.


Agenda item 3 - An Update on Custom Fields

  • There has been a great deal of work done on Custom Fields - Adding them, editing them, how they would work.
  • Khalilah said that User Acceptance Testing should be happening in about two weeks, and she would greatly appreciate volunteers to test them.  Contact her directly if you want to participate.
  • Patty brought up the idea of using Department as a Custom Field, as a proof of concept and also take care of the User Stories related to hard-coding Department to all User Records.


Credit where it is due

While Khalilah was demonstrating Custom Fields, we discovered that the panes in a FOLIO record are resizeable.  Everyone was very happy to see that.  John Coburn is responsible for that improvement.