Skip to main content
Best Answer

Reset password without e-mail process

  • June 4, 2024
  • 6 replies
  • 177 views
msantos
Helper II
Forum|alt.badge.img+2

Hello,

A company has more 14.000 employees, and only 2.000 have an email.

The problem is the password recover. We have to implement a solution that the user can change the password, without send a link by email.

I found a post that its possible using a Docebo Connect, but I do no how.

 

Any ideas?

 

 

Best answer by msantos

Hi @dklinger , thank you for your help.

The company does not keep the personal email from the learners.

The only solution that I received from Docebo´s support, is to:

 The current best practice of our customers is to build a webapp with a form and then we integrate via API's. The flow could look like:
user forgot password -> Clicks on public page of LMS -> iframed webapp with form -> data entered into form -> webapp passes data to backend services -> services call the data in the LMS platform and make desired changes. 

 

    6 replies

    dklinger
    Hero III
    Forum|alt.badge.img+11
    • dklinger
    • Hero III
    • June 4, 2024

    @msantos - it is my opinion that you are going to run into some corners….but a thought is you can do an age old practice...that may get cybersecurity crazy:

    1. set the password for all of your users
    2. force the password to be changed by them upon coming into the system the first time (an option that is given to you)

    This approach may get your cybersecurity crazy because starting everyone with the same password is a type of recipe for disaster and being exploited as you are working from a SPF (a single credential/single point of failure). Being that we are talking about getting into a learning system, you can assess how high or low your risk is with IP and then choose to use a default password as an approach.

    Can you use personal email and enforce that they must enter a personal email into their profile for notifications?

    S
    S
    Helper II
    Forum|alt.badge.img

    @msantos - it is my opinion that you are going to run into some corners….but a thought is you can do an age old practice...that may get cybersecurity crazy:

    1. set the password for all of your users
    2. force the password to be changed by them upon coming into the system the first time (an option that is given to you)

    This approach may get your cybersecurity crazy because starting everyone with the same password is a type of recipe for disaster and being exploited as you are working from a SPF (a single credential/single point of failure). Being that we are talking about getting into a learning system, you can assess how high or low your risk is with IP and then choose to use a default password as an approach.

    Can you use personal email and enforce that they must enter a personal email into their profile for notifications?

    Very well answered! This is a typical workaround, but you will run into obstacles on the way and it is definitely not best practice. If you go this way, here some advice:

    • Regularly update your standard password
    • Avoid using this process with users with more permissions (e.g. power users)

    The option described by @dklinger with the personal email would be definitely more secure. Some of our clients are also using a SSO and they take care of password reset for users without an email.

    dklinger
    JZenker
    Guide II
    Forum|alt.badge.img+2
    • JZenker
    • Guide II
    • June 5, 2024

    I would use a public form hyperlinked as a widget of some kind that lets them go in and alert someone somewhere that they need pw assistance. Maybe also a field for identifiable information so you can go find them on the floor.

     

    Annarose.Peterson
    dklinger
    msantos
    Helper II
    Forum|alt.badge.img+2
    • msantos
    • Author
    • Helper II
    • Answer
    • June 11, 2024

    Hi @dklinger , thank you for your help.

    The company does not keep the personal email from the learners.

    The only solution that I received from Docebo´s support, is to:

     The current best practice of our customers is to build a webapp with a form and then we integrate via API's. The flow could look like:
    user forgot password -> Clicks on public page of LMS -> iframed webapp with form -> data entered into form -> webapp passes data to backend services -> services call the data in the LMS platform and make desired changes. 

     

    dklinger
    Hero III
    Forum|alt.badge.img+11
    • dklinger
    • Hero III
    • June 11, 2024

    Hi @dklinger , thank you for your help.

    The company does not keep the personal email from the learners.

    The only solution that I received from Docebo´s support, is to:

     The current best practice of our customers is to build a webapp with a form and then we integrate via API's. The flow could look like:
    user forgot password -> Clicks on public page of LMS -> iframed webapp with form -> data entered into form -> webapp passes data to backend services -> services call the data in the LMS platform and make desired changes. 

     

    @msantos - when you are cooked up and going - I would love to see what you come up with. DM me when you get a moment...

    msantos
    E
    • e.schoombee
    • Newcomer
    • October 31, 2025

    Hi everyone,

    We’re currently rolling out Docebo across our offices in Germany and have run into a challenge that I imagine others may have faced too. 

    Not all of our employees have a company email address, and due to GDPR restrictions, we cannot always use their personal email addresses for training or communication purposes.

    This creates some practical issues like described by you here. 

    • How to manage password creation and especially the “Forgot your password” functionality if no email address is available.

    • How to reduce the admin workload when users forget passwords and can’t trigger resets via email.

    I would love to hear your experience with the solution suggested by Docebo. Is it working like it should? How did you set it up?. 

    msantos
    Terms & ConditionsCookie settingsAccessibility statement