Hello ST,

For security reasons we use one way encoding to ensure that member passwords are not stored on our servers, and cannot be recovered by ANYONE -- including us. As a result, we cannot send a user their existing password, and if a member cannot remember their password they have two options:

1.  They could go through the lost password process, as presented on the login page.
2. An administrator could change the members password by editing the members profile and using the change password tool on that page.

For option 2, the password that you would be confirming when setting the members password is the password for your account, not theirs.  Since you are changing a members ability to login, we want to confirm that you have access to your administrative account, which is why we require you to confirm your own password.

Does that make sense? I know that the admin changing a members password flow seems odd, so please let me know if I can clarify any further.

Cheers,

Jonmark

Hi, jonmark,

I'm sorry. I thought I had replied to you.  If I'm understanding you, there's no way to send a member their registration details (including the password) as we could in EVE.

Maybe this option is redundant or could be reworded.

We're using a Single Sign-On provider and they have a password reset routine that a member can initiate. 

It's not as handy as this sending the registration details was in EVE, but things change.

Thanks, Jonmark,

ST

Hello ST,

I apologize for overlooking the fact that your site is using OneCommunity. That changes things quite a bit, since your OC Server manages how the user logs in, which includes their password/authentication model.

As you mentioned, Gigya has their own password reset process, which is what would need to be used by the member in order to re-access their account. If, for whatever reason, the member is unable to use that process you would need to work with Gigya to determine how to grant that user access to that account again. Unfortunately, that is entirely outside of our control as I am sure you understand.

Regarding the old Eve data, and how Eve was able to resend passwords, Eve used a two way encryption on member passwords, so that they were stored securely, but we were able to get the original value to resend in emails. When we exported the member data, we got the original passwords, and SHA-256 hashed them when providing them to Gigya. Those SHA-256 values are one way hashed and we no longer have the original Eve data, so there is no way for us to get what that members original password was. Again, this all falls back to Gigya, since your login integration is completely handled by them now, as part of OneCommunity.

Finally, the "Resend Registration Details" action is listed in Manage Members because when a member joins your community through OneCommunity, we give the site the opportunity to provide useful information to the member through that welcome email. A lot of communities will include directions in their welcome message about where to start on the site, or some background on everything. Sometimes users will need/want to get a new copy of that email, which is why that action still applies to your site even though you are using OneCommunity.

I hope this information helps, and I hope that you and Gigya are able to get this user back into their account.

Cheers,

Jonmark

Hi Jonmark,

Hmmm OneCommunity... a new term for me. I must have missed a memo.

Thank you for the thorough explanation about the background and what is happening.

Please save me some hunting around and tell me how/where to edit the mail that goes out. 

"Finally, the "Resend Registration Details" action is listed in Manage Members because when a member joins your community through OneCommunity, we give the site the opportunity to provide useful information to the member through that welcome email. A lot of communities will include directions in their welcome message about where to start on the site, or some background on everything. "

Thank you!

ST

Hello ST,

And I must again begin with an apology, OneCommunity is an old Eve term, and in Hoop.la, you are probably more familiar with SSO.

If you look at the Registration Settings on your community you can see that you have your site configured to not send the "Registration Confirmation Email," but if you check that option it you will see a WYSIWYG editor appear, allowing you to set a custom message to appear in the welcome email.

Cheers,

Jonmark

Hi, Jonmark,

Thank you! This is great. I'll set up that custom message.

ST