A number of iCIMS Talent Cloud products use the following password reset process, including:

• iCIMS Connect (Legacy CRM)
• iCIMS Applicant Tracking (ATS)
• iCIMS Offer Management 
• iCIMS Onboarding 

Overview

Candidates and users can change their own passwords by following the steps in the appropriate article from the list below:

• Changing or Resetting Your Password: iCIMS' Applicant Tracking Users
• Changing or Resetting Your Password: Candidates & New Hires

For password security reasons, it is a best practice for a candidate or user to manage their own password; however, iCIMS provides user admins with the ability to update an individual's password for them should the need arise. The process below describes the steps to update an individual's password from within the system.

Resetting a Password for a Candidate or User

For password security reasons, it is recommended that individuals manage their own passwords using the password retrieval and change processes in the articles referenced above. However, user admins can take the following steps to reset a candidate or user's password.

1. Navigate to the candidate or user's Person profile. Then, click the Login tab.
2. Click the Edit icon.
3. Enter the new password in the Password field. Enter it again in the Password (Re-enter) field to confirm.

4. Click the Save button to save the new password.

The new password will function immediately, but the individual will not receive a notification that the password has been updated. 

Setting Password Requirements within Your System

Passwords are encrypted using secure hash algorithms. iCIMS also provides the ability for the client to select password complexity rules and other requirements. Password requirements for your organization may be set by your Implementation Manager or iCIMS Technical Support based on your organization's preferences.

User admins can also set password requirements for your organization's portals using the settings accessed via Admin > System Configuration > Career Portals > Configure > Portal Settings > Passwords.

iCIMS recommends adopting security practices at least as strict as the following:

• Minimum character length (8 or greater)
• Minimum # alphabetic (1 or greater)
• Minimum # numeric (1 or greater)
• Minimum # lowercase (1 or greater)
• Minimum # uppercase (1 or greater)

Additional options include:

• Force password change periodically (Options include disabled, 30 days, 60 days, 90 days, 180 days, 365 days)
• Enforce password history for (Options range from forbidding reuse of the last 6 passwords to forbidding use of the last 10 passwords)
• Disallowed passwords (This option allows you to specify any passwords users may not use (e.g., "password"))
• Minimum # special characters

Tips:

• If password complexity requirements are changed after a user or candidate has created a password, they will be prompted to create a new password.
• If Force Password Change Periodically is enabled for X days, the system will force users who have not changed their password in greater than or equal to X days to change their password the next time they log in. This applies to new users as well as users who created a password prior to this requirement being enabled.
• If Force Deactivate Expired Login Name Password is enabled, users who have not logged in for a certain amount of time (30, 60 ,or 90 days) will be required to reset their passwords before they can log back in to the portal.