Forcing a Password Rotation for All Users


    In scenarios where the ongoing security of your Sugar® instance must be ensured, an administrator may deem it necessary to force a rotation of all user passwords simultaneously and outside of normal password expiration policies. This article will review the recommended procedure to carry out a system-wide rotation of all user passwords.


    Prerequisites

    • You will need to be an administrator user.
    • Sugar’s outbound email server must be configured via Admin > Email Settings in order for Sugar to send system-generated password emails or reset password emails.
    • Users must have their personal email address configured in user preferences in order to receive system-generated password emails or reset password emails from Sugar.
    • Sugar must not be configured for SSO authentication (i.e. SAML or LDAP).
    • Valid email templates must be associated with the required options under the Email Templates section of Admin > Password Management.

    Note: For more information on configuring your personal or the system email settings, please refer to the Getting Started or Email documentation.

    Steps to Complete

    1. Download the SugarCRM-Password-Reset module-loadable package.
    2. Navigate to Admin > Module Loader.
    3. Click the Choose File button to select the SugarCRM-Password-Reset package, then click “Upload”.
    4. Click the Install button after the package is uploaded.
    5. Review the license agreement, choose “Accept”, and click “Commit”. At this point, the package will perform the following operations:
      1. Reset the password for all active and inactive users.
      2. Send an email to all active users with a designated primary address, containing either the new password or a link to reset their password, depending on your password settings under Admin > Password Management.
      3. Log the summary of activity at the fatal level in the sugarcrm.log file.
      4. If any users are not sent an email, log the failure at the error level in the sugarcrm.log file.
    6. Once the installation reaches 100% completion, all possible user passwords have been reset.

    Note: If you need to force another rotation of passwords for your users, the package will need to be uninstalled via Module Loader and reinstalled.
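
    To confirm the outcome described in step 5, the fatal-level summary and any error-level email failures can be pulled out of sugarcrm.log for the period since the install began. The following is an added example, not part of the SugarCRM-Password-Reset package or of Sugar itself; it assumes a log line layout of `<timestamp> [pid][user id][LEVEL] message`, and the sample lines and the function name are constructed for illustration.

```python
import re
from datetime import datetime

# Assumption: each sugarcrm.log entry starts with a ctime-style timestamp
# followed by [pid][user id][LEVEL]; adjust LINE_RE if your logger differs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) "
    r"\[(?P<pid>\d+)\]\[(?P<user>[^\]]*)\]\[(?P<level>[A-Z]+)\] (?P<msg>.*)$"
)

# Constructed sample lines; the message texts are placeholders, not the
# package's real wording.
SAMPLE_LOG = """\
Tue Mar  3 09:58:11 2020 [4121][1][FATAL] Constructed entry from before the install
Tue Mar  3 10:15:02 2020 [4130][1][ERROR] Constructed: no email sent to user jdoe
    constructed continuation line
Tue Mar  3 10:15:03 2020 [4130][1][INFO] Constructed informational entry
Tue Mar  3 10:15:04 2020 [4130][1][FATAL] Constructed: password reset summary
""".splitlines()


def rotation_log_entries(lines, since):
    """Return (fatal, error) message lists for entries logged at or after `since`.

    Lines that do not start a new entry (wrapped text, stack traces) are
    appended to the FATAL/ERROR entry they continue.
    """
    fatal, error, current = [], [], None
    for raw in lines:
        text = raw.rstrip("\n")
        m = LINE_RE.match(text)
        if not m:
            if current is not None:
                current[-1] += "\n" + text
            continue
        current = None
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if ts < since:
            continue  # older than the install, not part of this rotation
        bucket = {"FATAL": fatal, "ERROR": error}.get(m["level"])
        if bucket is not None:
            bucket.append(m["msg"])
            current = bucket
    return fatal, error


if __name__ == "__main__":
    summary, failures = rotation_log_entries(SAMPLE_LOG, datetime(2020, 3, 3, 10, 0))
    print("summary entries:", summary)
    print("email failures:", failures)
```

    An empty error list is meaningful only if the instance's log level was set to error or a more verbose level before the install; with fatal-only logging, error-level entries are not written.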
