Password settings

In ERPNext 14, my employee can change his password through his user profile. How can I avoid this?

Maybe you could have an external authentication provider / SSO?

https://frappeframework.com/docs/user/en/guides/deployment/how-to-enable-social-logins


I’m not sure it’s possible to disable password reset, unless password login is completely disabled.

My personal opinion

If the employee can’t change his/her password, then necessarily someone else has to start the password reset procedure (i.e. a system manager), leading to potential loss of productivity and unnecessary communications (with an increased attack surface for social engineering attacks).

Also, I would advise against a manual control over the passwords of the employees. A password should only be known to a single person, not multiple. Instead, a password policy could be enabled, or an external authentication system could be used.
