This article provides an overview of workflow changes coming to Legacy Portal’s user management workflows that were released in August 2025.
The purpose of this article is to address Frequently Asked Questions and ensure that each program is equipped to take full advantage of these important security updates.
Why are we updating our password workflows?
We have enhanced how student passwords are handled in Legacy Portal as part of our ongoing commitment to security best practices. These changes are necessitated by back-end security updates and will further enhance platform security and better align our authentication workflows with industry norms.
Does this impact me if I’m using a Single-Sign-On (SSO) Integration?
No. Users who sign in with SSO will continue to use credentials managed through their institution’s Identity Provider (IDP). We do not store login credentials for users who authenticate via an SSO integration.
What has changed in the workflow?
As part of the ongoing security updates, users' existing passwords are no longer sent via email. Any email that previously included a user’s existing password has been updated to provide an auto-generated temporary password, and/or a secure link to the Password Reset workflow, in accordance with security best practices.
Which workflows specifically have been impacted by this change?
These changes impact Exam Taker Emails, the Exam-Taker Password Reset workflow, and the Account Creation workflow.
Exam Taker Emails
Previously, Admin users had the ability to include an Exam Taker’s existing password when sending any email from the Exam Takers tab, or from the Exam Taker Activity tab for a given Assessment.
This workflow has been updated so that, instead of sending a user’s existing credentials, they may instead send a new temporary password.
This temporary password will overwrite the user’s existing credentials, meaning they will not be able to log in with their previous username and password once that operation has been completed. Users will also be required to set their own password upon their first login to the ExamSoft Portal. Mandatory password reset is not required after Examplify login at this time.
Email Templates
Certain email templates, such as the ExamSoft Installation Instructions template, previously included the user’s existing credentials. These have been updated to remove the user’s existing password; instead, they now provide general login instructions and direct users to the Reset Password workflow in the event that they do not know their existing credentials.
Password Reset Workflow
Previously, when an Exam Taker accessed the ‘Forgot StudentID or Password?’ workflow on the login page, they received an email containing their existing password, along with a URL to reset their password.
This email has been updated to remove the existing password; instead, it requires users to set a new password using a secure URL. This is consistent with the existing “Forgot Password?” workflow for Admin users and industry best practices.
Account Creation
The account creation workflow has not been changed at this time, and Admins still have the ability to set an initial temporary password for users when creating an account. However, while users will still receive their initial password via email, they will be required to set their own password upon login to the ExamSoft Portal. Mandatory password reset will not be required after Examplify login at this time.