This page (revision-39) was last changed on 26-Nov-2021 10:22 by jaiken

This page was created on 26-Nov-2021 10:22 by jmyers

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
39 26-Nov-2021 10:22 30 KB jaiken to previous
38 26-Nov-2021 10:22 31 KB rforbes to previous | to last
37 26-Nov-2021 10:22 31 KB rforbes to previous | to last
36 26-Nov-2021 10:22 31 KB rmorrell to previous | to last
35 26-Nov-2021 10:22 31 KB rmorrell to previous | to last
34 26-Nov-2021 10:22 31 KB jmyers to previous | to last
33 26-Nov-2021 10:22 31 KB jmyers to previous | to last EMAIL_ADDRESS ==> EMAIL_ADDRESS(Disambiguation)
32 26-Nov-2021 10:22 31 KB jmyers to previous | to last
31 26-Nov-2021 10:22 31 KB jmyers to previous | to last
30 26-Nov-2021 10:22 31 KB jmyers to previous | to last
29 26-Nov-2021 10:22 31 KB jmyers to previous | to last
28 26-Nov-2021 10:22 32 KB jmyers to previous | to last
27 26-Nov-2021 10:22 32 KB jmyers to previous | to last
26 26-Nov-2021 10:22 33 KB jmyers to previous | to last
25 26-Nov-2021 10:22 33 KB jmyers to previous | to last
24 26-Nov-2021 10:22 33 KB jmyers to previous | to last
23 26-Nov-2021 10:22 33 KB jmyers to previous | to last
22 26-Nov-2021 10:22 33 KB jmyers to previous | to last
21 26-Nov-2021 10:22 33 KB jmyers to previous | to last

Page References

Incoming links Outgoing links
USER PASSWORDS
USER PASSWORDS

Version management

Difference between version and

At line 256 changed 2 lines
;[Date Sensitive Navigator| ]:The Date Sensitive Navigator is a special form block that allows users to view date sensitive records and make date sensitive changes. Refer to the ;[User Interface manual|CONFIGURATION-UI]: for a more detailed description.
;[Access Status|ACTIVE_STATUS]:The Access Status field indicates whether the user can access the system during the time period of the chosen date sensitive record. This field is maintained by the system but can also be entered manually. \\ \\Both the Access Start/End Dates and the Access Status are checked before a user is allowed to log in.
;[Date Sensitive Navigator| ]:The Date Sensitive Navigator is a special form block that allows users to view date sensitive records and make date sensitive changes. Refer to the [User Interface manual|CONFIGURATION-UI] for a more detailed description.
;[Access Status|ACTIVE STATUS]:The Access Status field indicates whether the user can access the system during the time period of the chosen date sensitive record. This field is maintained by the system but can also be entered manually. \\ \\Both the Access Start/End Dates and the Access Status are checked before a user is allowed to log in.
At line 292 removed one line
At line 293 added 12 lines
;[Validation Method| ]:Validation method is a mandatory field that identifies whether the new [{$applicationname}] password facility is being used and it identifies the algorithm used for encrypting the passwords.\\The allowed values are based on the fixed lexicon [X_VALIDATION_METHOD]:
;[Minimum Password Size| ]:This optional numeric field specifies the minimum length of the password. Passwords that are shorten than this will be rejected.
;[Must Contain Digit| ]:This toggle indicates that the password must contain at least one numeric digit. If the toggle is off the system does not impose a restriction.
;[Must Contain Punctuation| ]:This toggle indicates that the password must contain at least one punctuation character. If the toggle is off the system does not impose a restriction.
;[Force Password Change Toggle| ]:This field contains the default for the “Force Password Change” toggle for system generated passwords.
;[Password Must Change| ]:This toggle indicates that new passwords must not match the prior password. If the toggle is off the system does not impose a restriction.
;[# Prior Passwords| ]:This optional numeric field specifies the number of prior passwords that must be different than the new password. This option forces a user to use different passwords each time. If the field is empty the system does not impose a restriction.
;[Password Expires-Dys| ]:This optional numeric field specifies the number of days that a user’s password can exist before going stale. Once the user’s password expires it must be changed on the next login. If the field is empty, the system does not expire the password.
;[Lock After Expires-Dys| ]:This optional numeric field specifies the number of days following password expiration that the user’s access records will remain active. After this the user’s access records will be locked. If this field is empty the user’s access records will remain active indefinitely.
;[Login Attempts| ]:This optional numeric field specifies the number of login attempts a user is allowed before the session expires. If the field is empty the system does not impose a restriction.
;[Max Login Attempts| ]:This optional numeric field specifies the number of login attempts a user is allowed before their access records are locked out. If the field is empty the system does not impose a restriction.
;[IP Lockout Minutes| ]:This optional numeric field specifies the number of minutes an IP address will remain locked out after the maximum number of login attempts have been reached. If this field is empty, the lockout remains until it is reset by a security administrator.\\ \\This feature uses a server setting that applies to an IP address; hence, all accessor types should use the same setting. If different IP Lockout Minutes are used for different accessor types, the most restrictive setting will apply.\\ \\This feature should not be used in environments that use kiosks.
At line 295 removed 55 lines
;[Validation Method| ]:Validation method is a mandatory field that identifies whether the new [{$applicationname}] password facility is being used and it identifies the algorithm used for encrypting the passwords.
The allowed values shown below are based on the fixed lexicon [X_VALIDATION_METHOD]:
Minimum Password Size
This optional numeric field specifies the minimum length of the password. Passwords that are shorten than this will be rejected.
Must Contain Digit
This toggle indicates that the password must contain at least one numeric digit. If the toggle is off the system does not impose a restriction.
Must Contain Punctuation
This toggle indicates that the password must contain at least one punctuation character. If the toggle is off the system does not impose a restriction.
Force Password Change Toggle
This field contains the default for the “Force Password Change” toggle for system generated passwords.
Password Must Change
This toggle indicates that new passwords must not match the prior password. If the toggle is off the system does not impose a restriction.
# Prior Passwords
This optional numeric field specifies the number of prior passwords that must be different than the new password. This option forces a user to use different passwords each time. If the field is empty the system does not impose a restriction.
Password Expires-Dys
This optional numeric field specifies the number of days that a user’s password can exist before going stale. Once the user’s password expires it must be changed on the next login. If the field is empty, the system does not expire the password.
Lock After Expires-Dys
This optional numeric field specifies the number of days following password expiration that the user’s access records will remain active. After this the user’s access records will be locked. If this field is empty the user’s access records will remain active indefinitely.
Login Attempts
This optional numeric field specifies the number of login attempts a user is allowed before the session expires. If the field is empty the system does not impose a restriction.
Max Login Attempts
This optional numeric field specifies the number of login attempts a user is allowed before their access records are locked out. If the field is empty the system does not impose a restriction.
IP Lockout Minutes
This optional numeric field specifies the number of minutes an IP address will remain locked out after the maximum number of login attempts have been reached. If this field is empty, the lockout remains until it is reset by a security administrator.
This feature uses a server setting that applies to an IP address; hence, all accessor types should use the same setting. If different IP Lockout Minutes are used for different accessor types, the most restrictive setting will apply.
This feature should not be used in environments that use kiosks.
!Client Site Configuration
In P2K, password control is set at the client site level through [IMST-Maintain Client Site Information[. This information is still maintained in ePersonality but it is only used for the P2K users.
!EP/SS Transition
ePersonality uses new password generation techniques based on industry standards. Sophisticated security options are provided for clients who wish to tighten their security. However, for compatibility reasons, P2K password information may be kept in tact until clients no longer need to use P2K. If this is done, users will still be able to login to P2K and run certain P2K processes.
The first time an existing user logs in to any part of ePersonality, the accessor information will be automatically created for them verifying against the former P2K passwords. From them on, the new rules apply.
While users are working in ePersonality - Professional or Self Service - all of the new security restrictions will apply. Even though some of the former P2K information is still shown on the ePersonality screens, the new security is driven entirely from the Accessor information and Access Rules described earlier.
P2K itself is unchanged.
Clients should use the “P2K and EP” validation method in their access rules for now so the P2K information is not lost. This will give them the ability to use either system.
It is advisable for clients to assign passwords for a given accessor type through one system, preferably [{$applicationname}].
This page (revision-39) was last changed on 26-Nov-2021 10:22 by jaikenTop