Both Dime.Scheduler's planning application and back office application require users to authenticate.
There are three login mechanisms in Dime.Scheduler.
Given the proper setup by the administrator, users can log in to Azure with their Microsoft credentials, which then passes a set of claims to Dime.Scheduler . This means that Dime.Scheduler does not store any credentials, it can only work with the data that the administrator has granted.
You have seen it before, other websites allowing you to log in with your Facebook or Google account. This is very much like that. Dime.Scheduler can use only so much of the information granted by Microsoft and the administrator. This is beneficial for both Dime and the users: instead of having to store separate credentials for every application (and then forgetting the password for each and every one of them), some other website's identity system can be used. In terms of security, this is also a better option since the onus is on Microsoft to ensure a secure identity management system. We are confident in our own capabilities but Microsoft just has more resources to do the job.
With the Windows login type, users don't even need to enter their credentials. If the user is part of an Active Directory domain, he can just select the Windows login button and the application will take care of the rest.
The forms authentication mechanism is a standard password protected system. It is secure and adheres to the industry standards. Administrators can manually create users in the system using the provided setup view. Users will receive a welcome e-mail and will automatically be prompted to reset the password.
Just like any other web application, there is no need to panic when the user forgets his password. In the login view there is a link that will help the user to securely reset it.
Plugin web applications
When logging in to the plugins' web applications, administrators need to provide credentials to continue. By default, there is a user email@example.com with password Admin!1 provided in the database which you can use to log in for the first time. We cannot urge you enough to remove the user as soon as possible.