1. Have there been thoughts on creating some sort of option on the Create User screen like "force user to reset password on next login?"  That way I can email my brother a password, but then he HAS to change it and I don't worry about someone else reading his unsecured email.  And I don't have to talk to him (he's a chowderhead).
   
2. The whole forgot password process - can it not be self-serve?  I realize that accounts don't currently store or verify user email addresses.  But has that been explored?  That would enable a more standard self-serve forgot password process that wouldn't require admin intervention.  Then I could at least create accounts for my users with some bogus password.  I would email them their usernames but NOT the password, and tell them to click the Forgot Password link to set their own password.  But as it stands right now it looks like if I told them to do it now I'd then have to look up their new password on the server and email it to them anyway.
   
3. Roll my own login interface - I am NOT a "real" developer, but certainly like to tinker/learn.  So the following thought process occurs to me and I wonder if anyone has already gone down this path: I have my jellyfin instance set up as a subdomain (jellyfin.example.com) of a parent domain I own (example.com).  I already have user account functionality on the parent site at example.com - people can create accounts, reset their own passwords, I can grant access to roles, etc. - traditional stuff, asp.net core, entity framework, identity, etc).  I see there's "create user" functionality in the jellyfin API... what if I have people create user accounts on my website (the parent domain).  Then, if they're a user I want to have access to my jellyfin instance, I could grant then access to some role I create like "jellyfinuser."  Then have my code hit the jellyfin API to create a jellyfin account, password, etc. and link it to my the parent account at example.com.  It seems like the happy path could work, but I imagine it could also create a lot of confusion between where to sign in, different accounts, sync issues, etc.  It'd be like SSO without any of the benefits of SSO!  Would love any thoughts from folks who may have done something similar or at least a glass of cold water to my face telling me "don't do this, there is a better way..."
   

(2023-07-19, 05:12 PM)crobibero Wrote: This project used to be the recommendation but it has since stopped development.

https://jfa-go.com/

(2023-07-19, 05:12 PM)crobibero Wrote: This project used to be the recommendation but it has since stopped development.
https://jfa-go.com/

(2023-07-19, 05:20 PM)TheDreadPirate Wrote: In lieu of jfa-go, would the LDAP plugin meet some of your needs?
https://github.com/jellyfin/jellyfin-plugin-ldapauth
It doesn't get around the problem of having to create everyone's accounts, on LDAP instead of JF, but it should allow you to enforce password expirations via LDAP policy.  Not sure what the workflow for password expiration looks like.