Password expiration enhancement that needs votes - ER - 63948

Description

Currently, the system can only notify the employees/users of the system when so many days before their passwords expire via email. These emails are very confusing and cannot be modified (see enhancement request for this item). Our security policy is we will not send any emails to our team about passwords and could be used as phishing. If the employee/user enters their information three times or more, they are locked out of the system and then an admin must be contacted because the system is not telling them that their password has expired. The employee/user gets confused and states that they entered everything correctly but the system will not allow them in and this gets frustrating. We would request that Infor changes this process so that the employee/user is notified from the login screen that their password has expired. Many other software vendors do this so that the employee/user can control this change. It is all in their hands and no other notifications. This will cut down on any confusion plus make it easier for the employees/users of the system.

Work Around

There really is no work around other than the password expiring and dealing with the employee possibly locking themselves out of the system. Email notification are confusing, cannot be re-worded. The solution proposed would be easier on all involved with the software.

Proposed Solution

Tell the employee upon login that their password has expired and to reset it.

We would appreciate your vote. Thanks!

Find more posts tagged with

Infor Ming.le

Comments

Michele Wilborn

Here is the link to the ER - https://ers.infor.com/Ers/SoHoXi/Request/XiDetails.aspx?ced=true&erID=63948&AER=false&tbv=1

Rene Bottern

Hi Michele,
I'ma bit confused about this request, should this not be part of your AD (Active Directory = Microsoft) setup instead of a request to Infor to resolve?

Michele Wilborn

Hi Rene,

AD is not an option because 75% of our team use personal emails and these are not managed or supported thru AD. I am sure many other customers are the same situation as well. With this, it is very difficult to have one software to manage it all, therefore, we count on each software to offer a solution of its own. Currently all other software that we use offers notification upon login for password expiration. All we want this enhancement to do is to notify our team upon trying to login that their password has expired so that they will know to click on the forgot password to reset it. Again, I am sure there are a lot of other customers that believe this would assist their teams as well. I also believe it would cut down on employees accounts be locked and calls for assistance with their logins.

You may also be saying what about the email alerts and why would this not work. Due to security and trying our best to keep our team and company safe, we have stopped any email alerts about password changes because of phishing. I hate to say this but this is the world we live in today; therefore, we are doing everything we can to make sure we keep emails to a minimum especially about password changes and links to password changes but for the forgot password email this is different because the employee initiates it themselves and they know it is coming and what to look for.

I hope this helps and we can get your vote. Please share if you have additional questions. Hope you have a great day!!

Legacy Contributor

Ultimately, neither solution is correct. Infor should implement the open standard, WebAuthn (Guide to Web Authentication (webauthn.guide)) (otherwise known as FIDO2) to enable password-less authentication that eliminates the issue entirely. WebAuthn was developed by the W3C and leading technology vendors (Microsoft, Google, Apple, etc...) to solve password phishing and other issues around authentication for web-based applications and services.

Legacy Contributor

I am not attempting to hijack this post, but I am an Infor CSI Multi-Tenant Cloud customer and we do not currently have AD integration set up. I would be interested in doing this if I could pick and choose the users who should authenticate through AD. Is this possible? Also, does anyone have any documentation they would share on how to set this up?

Legacy Contributor

I believe you can do this, although it would be the reverse unless it has changed since we did this. Your users would need to choose how to authenticate at startup of the application. You can also control who can log in with just email if you would like to add in that layer. I'll search for some documentation and get that to you.

Legacy Contributor

Found the documentation!

Go to Ming.le Cloud Edition Online Help: https://docs.infor.com/mingle/12.0.x/en-us/minceolh/default.html
If you don't see the left navigation pane, be sure to click on the 3 horizontal lines in the upper left-hand corner to reveal it.
Click on the down arrow to the right of Infor Ming.le administration to expand options within this area.
Expand Manage Users options by clicking on the +.
Scroll down and click on Authentication URL Options to find the documentation associated with URL options. The actual URLs will be unique to your system, of course. If you want your users to choose how they authenticate each time they enter the system, the system administrator would choose the "Prompt for Authentication mode URL." Keep in mind that the user would be prompted each time they navigate to the URL to log in.
Even if you move to federated authentication, certain users may still authenticate with a Ming.le Identity if you provide them with the choice (with a Prompt) or if you provide them with the appropriate Infor Ming.le Identity URL.
To find out how to limit users who can log in with a Ming.le Identity, you will find the documentation under Settings>Infor Ming.le Identities (still under User Management).
Click on the + to expand the group and review the documentation associated with the "Configuration tab" and within that section, "Enabling a subset of users to log in with Infor Ming.le Identity."
Someone will need to maintain the list of users accessing this way to keep it up to date with the desired users.
And remember, security is important, so please make sure your security team and those administering the system have a full understanding of the above and any related implications.

The documentation above does not include how to set up AD authentication...that's a bit more involved and would require more in-depth discovery. Just wanted to let you know that what you were asking could be done.

Copyright © 2025 Infor. All rights reserved.