About the new sign-in process in BoldChat
In a nutshell
- If you use the latest Operator client (version 15.2.6 or later) or you already use the client in SSO mode, you have nothing to do. To check the current version of your Operator client, go to Important: We highly recommend that you upgrade to the latest Operator client version by January 27, 2020. See How to update your BoldChat Operator client.
- If you want to use your older client version, which supports Single Sign-On (available from version 7.4), then follow the instructions in How to start the BoldChat Operator client in SSO mode.
Note: You must set up SSO mode on every BoldChat Operator client.
- If you use an Operator client version prior to 7.4, you must upgrade to the latest client version. Contact your Customer Success Manager for help.
Overview of the new sign-in process
LogMeIn migrates all customers to use a unique email address to sign in to all LogMeIn products, including all versions of BoldChat. This change modernizes our sign in process and simplifies it for users: you no longer have a separate username and email address. Having a common identity across LogMeIn products makes it easier for you to use our suite of solutions.
With the coming of the new sign-in process, BoldChat users may have to verify their email address and their password policy will also change. Operators and admins will have the following experience when they sign in:
If you also have access to multiple accounts, you will have to select that after signing in to BoldChat. Operators and admins will see the following window when they select a BoldChat account to work with:
How does your current password policy change?
You will no longer have the option to customize your BoldChat organization's password policy. If you still want to enforce a password policy, as an admin, you must enable it for your account and then each user must agree to the policy before signing in to BoldChat.
Starting March 16, 2020, accounts who previously enforced password policies will adopt the following configuration:
- Users must change passwords every 90 days
- Users cannot reuse their last five passwords
Users will be locked after three unsuccessful sign-in attempts for five minutes. After 25 unsuccessful attempts, users will be ‘hard locked’ and will be able to unlock their accounts only by resetting their passwords. As additional protection, LogMeIn uses risk-based authentication to protect against sophisticated password attacks.
Your existing password policy that you can set on thepage in the BoldChat Operator client will change to default in the following cases:
- You have selected Apply password policy to all users on the Future Login Setup page
- You have enabled Disallow reusing password for X generations on the page
- You have enabled Force change of password every X days on the page
Who should verify their email address?
From March 16, 2020, BoldChat users may have to provide their email address and go through a short email verification process when signing in for the first time. A BoldChat administrator can save time for users by setting up user email addresses, in which case users can skip the email verification. After setting up user emails, select the Force email that I set up for my users option on thepage in the BoldChat Operator Client.
After setting up an email address, BoldChat users can sign in with their email address.
To set up user emails with the BoldChat API, see How to set up user emails with the BoldChat API?
Where to make changes in the BoldChat Operator Client
You can make email and password policy-related changes on thepage in the BoldChat Operator Client:
- Force email that I set up for my users
- After an admin sets up unique email addresses for all BoldChat users, select this option to force using those pre-defined emails to sign in. BoldChat users will not have to verify their emails.
- Password policy changes
- Select this option to apply LogMeIn's common password policy on all BoldChat users starting March 16, 2020. This means forcing users to change their passwords every 90 days and not reusing their last five passwords.