Fast User Switching

[msj1542]

I would like to add the functionality for an app to run on a shared computer that numerous staff members interact with, but still allow them to log on and off in a quick/efficient way. One way I can envision this happening (and I am open to any other suggestions as well if anyone has any input), but Im not sure if there is an easy/straightforward way to implement this, would flow like this: A user logs in with his or her username/password in the morning/beginning of his shift, and "clock-in" or someway of making this user "active." Then then after use he clicks a button to log out/switch user/etc. which exists to the login screen, but if he is still "active"/"clocked-in" his or her login credentials are reduced to either two characters (initials, or something), or a user icon to click, or something else, and a four digit pin instead of the traditional password. This functionality would remain in place until either A. he or she "clocks-out" or B. the date changes at 12am, whichever happened first, and then that users status would change to inactive in the system and he or she would have to put in their original username and full password and "clock-in" again to initiate this quick switching functionality.

I know this sounds like it could be a trivial feature for a small value add, but I would like to make a transition between users as seamless as possible to discourage people from simply "not" doing it, and running the risk of users by accident (or through laziness) interacting with the app through the wrong users credentials, so that permissions and audit tracking remains accurate.

As I said, I am open to any other suggestions on how to make this possible too, but in thinking through it in my mind that was about the best way I could come up with.

[melohagan]

Hi @msj1542

If security is important for your application, then it's probably best not to compromise on the Authentication.

The fact that a shared computer is being used will require a level of trust between the staff members.

Maybe you could use shared accounts based on the access role. So a basic account, developer account and admin account.

Only one or two members of staff could access the admin account, and then the basic / developer accounts could be shared between those that need them.

[msj1542]

I considered that, but in doing that it would eliminate the audit trail for knowing which user made changes/updates/etc. Like I said, this feature isnt a "necessity," but I feel like just this alone could drastically speed up and simplify log on/offs not having to go through the "full" login process every time, numerous times a day, and when in a fast paced situation, in many cases.

I was also thinking, combined with this at the end of each of the main/most commonly used forms have two buttons: "Save" and "Save and Log Off" to eliminate yet another step in the process.

If there were a way to allow someone essentially two passwords, a short and a long password (short being a four digit pin, and the long being a standard one with respective character parameters), but the short one can only be used when that person is clocked in and active within the system that day, and they have to change this pin every 30 days or something, for example.

Then, if there were a way to implement this same functionality to a username, where they have a full username and then a short one (2 character, or something) and the short only works when they are active, this would be a bonus too =].