Authentication and password security
Understand how Campium authenticates users, enforces strong passwords by application, and handles Google and Apple sign-in, plus admin-focused troubleshooting tips.
Overview
Authentication in Campium controls how users access accounts and how passwords are secured across registration, login, and password management flows.
Recent updates enforce stronger, application-specific password rules across all flows and add Google and Apple sign-in buttons to the login experience.
Campium now validates password strength on both the client and server and provides inline guidance as users reset or change their passwords. The login page also supports OAuth-based sign-in with Google and Apple alongside standard email and password. Client-side checks give real-time feedback, and server-side validation always runs before saving a password, so users cannot bypass the rules.
Password strength rules
Campium enforces a consistent password policy across registration, password reset, and password change actions, while allowing different minimum lengths for the admin site and the portal.
Every new or updated password must:
- Meet the minimum length for the site being used:
  - campiumdb.com (admin site): at least 12 characters
  - Portal: at least 8 characters
- Include at least one uppercase letter
- Include at least one lowercase letter
- Include at least one special character (for example: !, @, #, $, %)
- Not be a common weak password (for example, password, 123456, qwerty) or an obvious repeat or sequence (like aaaa, 1234)
If a user submits a password that does not meet these rules, Campium rejects the change and shows an inline error explaining what is missing. The same validation runs on the server even if UI hints are bypassed, so weak or prohibited passwords never get saved.
Password policy by application
Campium applies the same character and weak-password checks everywhere, but the minimum length depends on where the user signs in:
- campiumdb.com (admin site): 12-character minimum, plus upper/lower/special and blocked weak passwords.
- Portal: 8-character minimum, plus the same upper/lower/special and blocked weak passwords.
When you support users, always confirm which site they are using so you reference the correct minimum length.
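The policy from the two sections above, written as a server-side check that returns every unmet rule so the page can show what is missing. This is an added example, not Campium's code; the site labels, the three-entry blocklist (only the passwords named on this page), the ASCII definition of letters and special characters, and the four-character run threshold are assumptions.

```python
import re

# Minimum lengths stated on the page; the keys are labels chosen for this example.
MIN_LENGTH = {"admin": 12, "portal": 8}
# Only the weak passwords the page names; a production blocklist would be far larger.
BLOCKED = {"password", "123456", "qwerty"}
RUN = 4  # assumption: 4+ repeated or sequential characters is an "obvious" pattern


def has_run(pw: str, run: int = RUN) -> bool:
    """True if pw has `run` identical, ascending or descending characters in a row."""
    low = pw.lower()
    for step in (0, 1, -1):
        streak = 1
        for prev, cur in zip(low, low[1:]):
            # Sequences only count across letters and digits; repeats count for any character.
            same_class = step == 0 or (prev.isalnum() and cur.isalnum())
            streak = streak + 1 if same_class and ord(cur) - ord(prev) == step else 1
            if streak >= run:
                return True
    return False


def validate_password(pw: str, site: str) -> list[str]:
    """Return the unmet rules; an empty list means the password is accepted."""
    errors = []
    if len(pw) < MIN_LENGTH[site]:
        errors.append(f"at least {MIN_LENGTH[site]} characters")
    if not re.search(r"[A-Z]", pw):
        errors.append("an uppercase letter")
    if not re.search(r"[a-z]", pw):
        errors.append("a lowercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        errors.append("a special character")
    if pw.lower() in BLOCKED:
        errors.append("not a common weak password")
    if has_run(pw):
        errors.append("no obvious repeat or sequence")
    return errors


if __name__ == "__main__":
    # Constructed sample input: accepted on the portal, one character short for the admin site.
    for site in ("portal", "admin"):
        print(site, validate_password("Tr0ub4dor&x", site))
```

The same function has to run on the server for registration, reset and change requests; the client-side copy only drives the inline hints.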
Where the rules apply
Campium applies the same validation logic in these flows, with the appropriate minimum length for the site the user is on:
- User registration from the portal or admin-invited signup
- Forgot password / reset password links
- Change password from within a logged-in session
Users see updated UI hints in these flows that describe the minimum length for that site, character requirements, and blocked weak passwords before they submit the form. As an admin, you can rely on the platform to enforce the policy; you do not need to manually review individual passwords.
If users report that a password "will not save," have them read the inline password requirements on the page and adjust their password to meet all criteria for the site they are using.
Reset your password
Use this procedure when a user has forgotten their password or receives an invalid password error and cannot log in.
Start the reset flow
- Ask the user to open the appropriate Campium login page (campiumdb.com for admins or the portal for end users).
- Instruct them to select the forgot password option.
- They should enter the email address associated with their Campium account and submit the form.
Check the reset email
- The user receives an email with a secure password reset link.
- Confirm they check the correct inbox (and spam or promotions folders if necessary).
- If they do not receive an email after a short delay, confirm the email address you have on file and resend the reset from the admin tools if available.
Create a new strong password
- When the user opens the reset link, the page shows inline guidance for password requirements, including the minimum length for that site.
- Ask portal users to enter a new password that is at least 8 characters long, and campiumdb.com admins to use at least 12 characters, in both cases including uppercase, lowercase, and a special character, and avoiding common or easily guessed passwords.
- If the password is too weak, too short for that site, or appears in the blocked list of common passwords, the page highlights which rule is missing or violated and blocks submission until all rules are satisfied.
Confirm access
- After the reset succeeds, the user can return to the login page.
- Have them log in using their email and the new password.
- If login fails, confirm they are using the updated password and not a previously saved one in the browser.
Change your password while logged in
Use this procedure when a user is already authenticated but wants to update their password for security or policy reasons.
Open account settings
- Ask the user to sign in to Campium if they are not already logged in.
- Direct them to their account or profile settings section.
- Have them locate the security or password settings option.
Verify current password
- The form typically asks for the current password before allowing changes.
- The user should enter their existing password to verify their identity.
- If they cannot recall it, redirect them to the reset password flow instead of continuing here.
Enter and confirm new password
- The user must enter a new password that follows the same rules for their site: portal requires at least 8 characters, while campiumdb.com requires at least 12 characters, and both also require uppercase, lowercase, and a special character and block common or easily guessed passwords.
- Inline hints on the form show the requirements for that site and update as they type.
- Campium runs server-side validation when they submit; if the password is too short, weak, or on the blocked list, the change fails and the page shows what needs to be fixed.
Re-authenticate if prompted
- After a successful change, Campium may ask the user to re-authenticate.
- Advise them to sign in again with the new password on any active devices or browsers.
- Encourage them to update any password managers they use so they do not get locked out later.
Email and password login behavior
Standard login uses the combination of a registered email address and a password that meets the strength policy for the specific site (8-character minimum in the portal, 12-character minimum on campiumdb.com, plus character and weak-password rules).
When a user attempts to log in:
- Campium verifies that the email belongs to an existing account.
- The submitted password is checked against the stored credentials.
- If the account requires a password update due to new policy rules, Campium prompts the user to reset or change their password before continuing.
If validation fails, the login page shows an error. For security, some errors do not specify whether the email or password is incorrect, but when a password is too weak, too short for the site, or appears on the blocked list during a change or reset, the UI explicitly explains which requirement was not met.
Google and Apple sign-in
Campium supports OAuth-based sign-in with Google and Apple in addition to email and password. These options appear as dedicated buttons on the login page.
High-level OAuth flow
When a user selects Sign in with Google or Sign in with Apple:
- Campium redirects or opens a popup to the provider's sign-in page.
- The user authenticates with their Google or Apple account and reviews any requested access.
- The provider returns an authorization result to Campium.
- Campium logs the user into the associated account or shows an error if the sign-in fails or is cancelled.
From an admin perspective, you should expect:
- Users who choose Google or Apple do not enter a Campium password on that attempt.
- Campium still associates their provider account with a Campium user record.
- Standard account-level restrictions in Campium (roles, permissions, status) still apply after sign-in.
If your organization prefers a specific sign-in method for admins versus portal users, communicate this in your onboarding materials so users know whether to use email and password or a social provider.
User expectations with Google and Apple
Advise users of the following behavior:
- They must complete the provider's sign-in steps, including any multi-factor prompts the provider requires.
- If they cancel the provider's window or block popups, the sign-in will not complete.
- If the provider reports an error, Campium shows a message such as "Sign-in was cancelled or failed" on the login page.
As an admin, you do not manage Google or Apple passwords from Campium. Direct users to their provider's account settings for issues with those credentials.
Troubleshooting authentication issues
Use these expandable sections to quickly diagnose and resolve the most common authentication problems users encounter.
The "Sign-in was cancelled or failed" message appears when Google or Apple sign-in does not complete successfully or the user closes the provider window.
- Ask the user to try the sign-in again and complete all steps on the provider page.
- Confirm that their browser allows popups for your Campium domain if the sign-in opens in a new window.
- If the problem persists, have them use email and password login instead.
- If they cannot remember their password, guide them through the reset password steps above.
Operational tips for admins
Admins and technical staff can improve authentication reliability and support by adopting a few practices:
- Standardize password guidance separately for portal users and campiumdb.com admins so portal users know about the 8-character minimum and admins know about the 12-character minimum, along with the required character mix and blocked weak passwords.
- Encourage password managers to help users generate and store strong passwords that meet Campium's rules.
- Document preferred sign-in options (email/password vs Google vs Apple) for your organization, and clarify which options apply to portal users versus admins.
- Capture details when issues occur, including the exact error message text, which site and sign-in method were used (portal vs campiumdb.com, email/password vs Google/Apple), and screenshots where possible, before escalating to support.
These practices reduce support load and help users recover access quickly while keeping accounts secure.