In scenarios where the ongoing security of your Sugar® instance must be ensured, an administrator may deem it necessary to force a rotation of all user passwords simultaneously and outside of normal password expiration policies. This article will review the recommended procedure to carry out a system-wide rotation of all user passwords.
- You will need to be an administrator user.
- Sugar’s outbound email server must be configured via Admin > Email Settings in order for Sugar to send system-generated password emails or reset password emails.
- Users must have their personal email address configured in user preferences in order to receive system-generated password emails or reset password emails from Sugar.
- Sugar must not be configured for SSO authentication (i.e. SAML or LDAP).
- Valid email templates must be associated with the required options under the Email Templates section of Admin > Password Management.
Note: For more information on configuring your personal or the system email settings, please refer to the Getting Started or Email documentation.
- Download the SugarCRM-Password-Reset module-loadable package.
- Navigate to Admin > Module Loader.
- Click the Choose File button to select the SugarCRM-Password-Reset package, then click “Upload”.
- Click the Install button after the package is uploaded.
- Review the license agreement, choose “Accept”, and click “Commit”. At this point, the package will perform the following operations:
  - Reset the password for all active and inactive users.
  - Send an email to all active users with a designated primary address with either the new password or a link to reset their password, depending on your password settings under Admin > Password Management.
  - Log the summary of activity at the fatal level in the sugarcrm.log file.
  - If any users are not sent an email, the failure will be logged at the error level in the sugarcrm.log file.
- Once the installation reaches 100% completion, all possible user passwords have been reset.
Note: If you need to force another rotation of passwords for your users, the package will need to be uninstalled via Module Loader and reinstalled.
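Because the package resets every user's password but only emails active users with a primary address, it helps to know beforehand who will be reset without receiving a notification. The query below is an added example, not part of the package or of Sugar's documentation; it assumes read access to the instance database and the stock table and column names (`users`, `email_addr_bean_rel`, `email_addresses`), which you should confirm against your own schema.

```sql
-- Added example: pre-rotation check, run read-only before installing the package.
-- Assumption: stock Sugar schema where a user's email addresses are linked
-- through email_addr_bean_rel (bean_module = 'Users') and the primary one is
-- flagged with primary_address = 1.
SELECT
    u.user_name,
    u.status,
    p.email_address AS primary_email,
    CASE
        WHEN u.status = 'Active' AND p.email_address IS NOT NULL
            THEN 'password reset, email sent'
        WHEN u.status = 'Active'
            THEN 'password reset, NO email (no primary address)'
        ELSE 'password reset, NO email (user not active)'
    END AS expected_outcome
FROM users u
LEFT JOIN (
    -- One row per user that has a non-deleted primary address.
    SELECT r.bean_id, MIN(e.email_address) AS email_address
    FROM email_addr_bean_rel r
    JOIN email_addresses e
        ON e.id = r.email_address_id
       AND e.deleted = 0
    WHERE r.bean_module = 'Users'
      AND r.primary_address = 1
      AND r.deleted = 0
    GROUP BY r.bean_id
) p ON p.bean_id = u.id
WHERE u.deleted = 0
ORDER BY expected_outcome, u.user_name;
```

Active users reported with no primary address are the ones to fix in user preferences before the rotation, and the ones to look for at the error level in sugarcrm.log afterwards.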