Learn on Demand Systems implemented enhanced account security for user accounts through central authentication with Microsoft Azure Active Directory B2C at 10:00pm ET on Saturday, February 13.

Posted below is a FAQ regarding this system update, please review in its entirety.


How will this mandatory password reset work?

This password reset is required for all accounts using an email address or username to login. Users logging in through Corporate Azure AD, Microsoft account or Google will not be prompted to reset their password. When the user logins to https://lms.learnondemand.net and/or https://labondemand.com, the user will be prompted to reset their password.

No password resets will be requested by Learn on Demand Systems outside of the user-originated reset.

 

What will the email verification look like to the users?

When a user visits https://lms.learnondemand.net or https://labondemand.com, the user will select existing login type between Corporate Azure AD, Microsoft account, Google and Sign in with email or username.

Users signing in with email or username will select the Reset Password option to trigger the password reset.

The user will enter the email address associated with their user profile and then click Continue. The user should then check their email account and click the verification link. The user will then be prompted to enter and confirm a new password.

After the new password has been added, the user will be logged into the platform.

 

Are there any password requirements for the updated password?

All new passwords must be “strong” as defined and implemented by Microsoft Azure Active Directory.

Password restrictions are as follows:

  • Minimum of 8 characters and maximum of 256 characters
  • Requires three out of four of the following:
    • Lowercase characters: a-z
    • Uppercase characters: A-Z
    • Numbers: 0-9
    • Symbols: @ # $ % ^ & * – _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ ” ( ) ;

Microsoft Azure Active Directory defaults also apply for password expirations.

 

Will this exclude anyone who has created a password in the last number of days or prevent the use of any previous passwords used?

No, all local users must set a new password. Previous passwords can be used, provided that the password is “strong” as defined above.

 

What happens to an account that has an invalid email address?

User accounts with invalid email addresses will not be able to reset their password as the process relies on email verification by code (LOD) and link (TMS). Users who do not have a valid email address will need to create a new account or contact their internal operations manager to have a valid email address added to their profile.

 

How were passwords previously managed?

Currently, passwords are managed in LOD and TMS, respectively. After central authentication is implemented, password management will be conducted between the individual users and Microsoft Azure Active Directory B2C.

 

Will I have multiple logins and passwords if I use LOD and TMS?

No. After central authentication is implemented, a user will have one user name and password that can be used to access LOD and TMS. Users can have multiple accounts with Learn on Demand Systems, but they must all have unique email addresses that are valid. This works for central authentication local accounts as well as external identities. This creates what we call “Single Sign On (SSO)” within our applications. Login once and you are now verified to access LOD and TMS, provided that your organization has permissions for both platforms.

 

Will you support any additional identity providers?

This implementation will support Corporate Azure AD, Microsoft Account and Google as external identity providers. We will turn on other identity providers, such as Facebook, Twitter and LinkedIn, as need arises. The inclusion of additional identity providers in the future will not require a code change.

We also now officially support any OpenID Connect or SAML identity provider, including Auth0 and Okta.

 

Have additional questions? 

Questions regarding this change and your account can be submitted in a Support Ticket.