Episerver World's Authentication System is now moving to Azure
As Episerver World applies new technologies gradually, we've moved the authentication system to Azure portal. So you may say today Episerver World is "partly cloudy".
As a part of migration process, a strong password policy must be used for every account. Hence, we require you small steps to reset your credentials at first.
Please follow specific steps below:
1. Click Login as usual
2. You will be redirected to Microsoft login portal, we put an message there to alert you to reset your credentials.
Click Reset password? link to continue.
3. Fill in with your registered email and press Send verification code:
An email will be sent to your mailbox, paste it to Verification code input field and click Verify code:
5. Press continue
6. Select your password, there are several policies for security reason:
Press continue and you are ready to go!
Sometimes it might require you to re-login afterward. So please go ahead and stay happy. If you have any issue logging-in just let us know by emailing epw@episerver.com. Cheer!
A password policy where the password may not be longer than 16 characters won't be a strong password... But yeah, this limitation sadly comes from Azure AD (and O365), but stil.. https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/#longerisusuallystronger
Agree with Johan, that is not a modern policy and I could not use the password I wanted because it was to long.
Another thing to remember is that in the old system I had to use a email that was from an earlier employment but when doing the reset I had to use the current mail address.
I know that a lot of other people also have old email as the login email
I'm all for moving forward but implementing authentication changes and having the first point of awareness being this blog post or the little box when logging in is a little poor. If I were building this to a client I would have notified users of the change prior to the switchover, what if people have issues and can no longer post on world, that's very annoying.
Also does this mean ZenDesk is being moved to AzureAD too so we can have unified passwords rather than ones all over the place on different systems?
This change should have been communicated better before hand.
I had issue with my login with the automated creation - lost connection to my real profile because I used the email address registered to my account and not the "old" email username which was for my previous company I worked for ;-) Anyways, this was fixed quickly by Episerver, just needed to drop an email to the given email address in case having issues.
What I don't like about the new login is that it uses session cookie - so when you close your browser bye bye login cookie. I want to be logged in even if I close my browser, so that I don't need to login every day or every time I have closed my browser. Please give us back the option to "stay logged in".