Setting global default password

Where would you find the setting to set/reset the default password in the Epicor admin console? More so, after using this ‘Reset Password(s)’ button, where is the setting of this password that is used with this feature?

After resetting the password for users, on the very first login it will ask to set the new password.

Yes, but what password is used on the first login, after resetting? My assumption is that setting the default password for that feature is somewhere in the Epicor Admin Console.

Epicor generates a new password for each user.

Having a global generic password is a serious security risk. Someone could reset their password and learn the global password. Later, a threat actor could gain access to the CFO’s email and get financial information useful to set a ransomware amount.

The industry is moving away from passwords. You can do that with Azure AD (right now the only Identity provider that works with Epicor/Kinetic) but there are others like JumpCloud and Okta.


Thanks for the reply @Mark_Wonsil.

Where would I obtain the password that is generated?

Epicor will generally email your new password to the email address attached to the user. I recommend you reset passwords from the User Maintenance screen and not Admin Console though.


When you click enable or reset a user’s password from User Account Security Maintenance, a dialog box pops up with the email address of the user and when you click OK, it sends the password directly to that email address.

In good operations practice, the system admin should never know the user’s password. One of the Zero Trust tenets is least privilege and there’s absolutely no reason for anyone to know a password other than the user. Otherwise one has invited themselves into a position of suspicion.

As Jose said, use User Account Security Maintenance. The Admin Console is generally only used when a company needs to recover the MANAGER password.


@josecgomez & @Mark_Wonsil Thank you guys! Turns out, the password was being sent to the users, they just couldn’t find the email in the spam folder.