Over the weekend, we rolled out some important updates to our app login process. We made these updates for a few reasons:
- Bypassing issues with reCAPTCHA: in the last few weeks, we've had a handful of users become locked out of the application due to low reCAPTCHA scores. Our existing login process didn't have a fallback option for those scenarios. We needed to fix that, so we've added a secure token process.
- More secure password resets: Instead of sending randomly generated passwords in emails, we now email a one-time link when your password is reset. These links include the IP address of the password reset request, to be sure you're the one who requested it.
- More streamlined process for SAML logins: If you're using a SAML integration to log in to app.knowledgeowl.com, that process has always been a bit clunky. These updates work to make this a bit smoother.
- Planning for the future: We want to enable two-factor authentication and we needed to shift to a login architecture that was more compatible with that.
App login process changes
Here are the changes you should see now for the app login process:
- Instead of entering your username and password on a single screen, you'll now enter your username first and click the Continue button before you enter your password.
- If the email you're logging in with is a regular app.knowledgeowl.com user, you'll then be prompted for your password. If you are a SAML user, you'll be seamlessly redirected to your SAML login URL.
- If anything seems suspicious with your login, we'll email you a security code which you'll need to enter before entering your password. So if you're one of the users who had reCAPTCHA issues, you might see this pathway.
Password reset changes
Here are the changes you should see now for the password reset process:
- If, as a user, you trigger your own password reset, you'll receive an email with a one-time link you can use to reset your password directly. No more having to copy/paste the new password or being worried you entered it wrong!
- If, as an admin, you trigger a password reset for another user, you can now choose between assigning a temp password of your choice or emailing the user directions to reset their own password. The directions to reset their own password leverage the same hyperlink structure as the user self-reset mentioned above.