About Sign-In and Password Policies
Oracle CRM On Demand provides the highest levels of security for your company. Security constraints have been built in to ensure that only authorized users have access to your data.
Additionally you can enforce certain sign-in, password, and authentication policies to raise the level of security within your company. For example, you can set the sign-in timeout to 15 minutes to better adhere to your corporate security policies. And if any of your users forget their password, they can receive a new one by simply answering a set of validation questions. As an added security measure, you can specify the number of hours for which an active session can last. For example, you can set up a user’s active login session to last an hour. When the user reaches the active session limit and tries to perform an action within Oracle CRM On Demand, the user is forced to enter her login credentials before continuing the session.
Before you set up your sign-in and password controls, you need to carefully consider your security needs. Some of the questions you should answer are:
When you have defined your sign-in and password policies, you can implement them in the Company Administration pages in the application.
Password Setting Changes
If you make changes to the password settings, the system does not enforce the changes until the current passwords expire. For example, if you change the minimum password length from seven characters to 10 and a user already has a seven character password, the user can use the seven character password until it expires. At that time, the user will have to create a new password of at least 10 characters.
It is best to set the internal policy and select the settings before adding new users to the system. If, however, you must make a change to your security policy immediately, you have the ability to reset all user passwords. This action generates an email to all the users in your company providing them with a new temporary password. You must have the Reset Passwords privilege to do this.
What Happens When Users Forget Their Password?
Users who have the Reset Personal Password privilege in their role can submit a request to reset their password if they forget it. They can use the Can't Access Your Account? link on the Oracle CRM On Demand sign-in page. You must define the minimum number of security questions and answers that users must provide to have their password reset. When this feature is set up, users can reset their own Oracle CRM On Demand password without the company administrator intervening.
|Published 5/4/2012||Copyright © 2005, 2012, Oracle. All rights reserved. Legal Notices.|