In order to improve on our security best practices we’ve made a few workflow improvements to the new user creation and password reset in StrikeTracker.
Starting today, StrikeTracker admins can create users with arbitrary names as long as they are unique. They can then potentially use the same email address for multiple user profiles.
This will allow, for instance, a read-only API user and a user with administrative privileges to be maintained from the same email account.
We removed the uniqueness constraint on email addresses so that we can enforce a valid email address via our new user workflow. Now, during new user creation, administrators will no longer be prompted to create a password for the user.
Instead StrikeTracker will send a welcome email to the newly created account’s email address with instructions for validation and password creation. For this reason, it’s important that administrators use a correct, routable email address during user provisioning or else the user will be unable to log in.
If you are a re-seller, API customer, or prospect of ours and would like more information on how to institute a similar process, please contact your account solutions engineer for details.
By Bradley Andrews, Product Director