Onboarding is one of the main use cases for BetterCloud customers. A potentially overlooked—but critical—part of the onboarding process is setting a temporary password for the user and requiring them to change it after their first login.
This step is a foundational element of effective identity and access management for a simple reason: It ensures the identity is reliable.
If a user is the only person who knows the password to their account, then they cannot deny responsibility for the actions taken with that account. This is known as nonrepudiation, and it is one of the key concepts in information security.
When IT administrators use BetterCloud to set passwords for new users or reset passwords for existing users, nonrepudiation for the user's activities is preserved because “Require password change on next login” is set by default for Google G Suite and Microsoft Office 365 users.
Okta automatically requires temporary passwords be changed at the next login, so this specific option cannot be set in BetterCloud for Okta users. However, you can choose whether the user or admin sets the password upon Okta user account creation.
There may be good reasons to disable the requirement for password change on next login, but leaving the default setting provides several advantages for security and incident management.
The security advantage, preserving nonrepudiation, was already covered. In terms of incident management, secure passwords enable reliable incident investigation: when nonrepudiation is preserved, the user attributes can be trusted. Secure passwords also protect IT administrators from being suspected of abusing their privileges, which helps to ensure they are viewed as part of the solution and not part of the problem.
In BetterCloud, you have the option to filter and review the audit logs for any password changes made by IT admins in your organization who have access to the BetterCloud platform.
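One way to carry out that review over an exported list of password events, as an added example that is not BetterCloud's code or export format: it reports accounts whose current password was set by someone other than the account owner. The event fields (`time`, `actor`, `target`, `action`, `force_change`) and every sample record are constructed for illustration.

```python
from datetime import datetime

# Constructed sample events; the field names are hypothetical, not a real export schema.
# The list is deliberately out of order to show that the check sorts by time first.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:30:00", "actor": "alice@example.com",
     "target": "alice@example.com", "action": "password_set"},
    {"time": "2024-03-01T09:00:00", "actor": "admin@example.com",
     "target": "alice@example.com", "action": "password_set", "force_change": True},
    {"time": "2024-03-02T10:00:00", "actor": "admin@example.com",
     "target": "bob@example.com", "action": "password_set", "force_change": False},
    {"time": "2024-03-03T11:00:00", "actor": "admin@example.com",
     "target": "carol@example.com", "action": "password_set", "force_change": True},
    {"time": "2024-03-04T08:15:00", "actor": "helpdesk@example.com",
     "target": "dave@example.com", "action": "password_set"},  # flag missing
]


def admin_known_passwords(events):
    """Return {user: finding} for accounts whose current password was set by someone else."""
    findings = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if ev.get("action") != "password_set":
            continue
        user = ev["target"]
        if ev["actor"] == user:
            # The user chose this password, so only the user knows it.
            findings.pop(user, None)
            continue
        # A missing flag is treated as "not forced" so the account is still reviewed.
        forced = bool(ev.get("force_change", False))
        findings[user] = {
            "set_by": ev["actor"],
            "set_at": ev["time"],
            "status": "awaiting_first_login" if forced else "no_forced_change",
        }
    return findings


if __name__ == "__main__":
    for user, finding in admin_known_passwords(SAMPLE_EVENTS).items():
        print(f'{user}: {finding["status"]} (set by {finding["set_by"]} at {finding["set_at"]})')
```

Accounts reported as `no_forced_change` are the ones where the password stays known to two people until someone acts; `awaiting_first_login` accounts clear themselves once the user signs in and picks a new password.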
The default settings in BetterCloud enable customers to benefit from these advantages. Make sure there is a good business case for giving them up before you change them.