Changing the initial user password from the Client application

We are using active directory for user authentication and setting an initial password for every user. Is there a way to make or force the user to change their initial password once they log for the first time to the client?


Bump! Would love to know if this is an option today.

No this is not possible. In general, Ignition does not support writing data to AD. It is currently only capable of reading data from AD.

Hey @jspecht,

Are there other methods you’ve seen used with Ignition to accomplish this?

assign user accounts to gateway, but with no password and the first time the system sees their request to login, they are prompted to create password.

I have not personally seen someone solve this problem before in Ignition, not to say its not possible.

I could see how this might work with an Internal or DB user source profile. You could design your project so that on session startup, you’d check if the user has set their own password, and if not, then ask them to enter a new password, and use system functions to save the new password to the user in their user source profile.

How you know whether or not the user has set their password depends on the method you choose to store this information. You could assign a special role to the user if they have set their own password, as just one example.

If you are using an AD user source profile, you might have to link the user to a custom password reset page before allowing them through. Maybe the team which manages your AD instance already has such a mechanism. Maybe you can build this in Ignition using scripting and Java’s JNDI API, but be warned that it is an advanced undertaking.

Finally, if you are using an internal IdP to log into the AD user source profile, consider using an external IdP instead (such as ADFS) which has this password capability already, if that’s an option.