Print      Open PDF Version of Online Help


Previous Topic

Next Topic

Defining Your Company's Password Controls

You can define the password policy for Oracle CRM On Demand. For example, you can set the password policy to conform to your company's protocols about how long passwords should be and how often they should expire.

To define your company password controls

  1. In the upper right corner of any page, click the Admin global link.
  2. In the Company Administration section, click the Company Administration link.
  3. In the Company Profile section, click the Sign In and Password Control link.
  4. On the Company Sign In and Password Control page, fill in the information, and then save the settings.

    The following table describes the settings.

    NOTE: To reset their password, users must have the Reset Personal Password privilege in their user role. To reset their password from the Can't Access Your Account? link on the Oracle CRM On Demand sign-in page, users must also have security questions and answers set up in the system.

    Setting

    Possible Values

    Usage

    Sign-in Policy Information

    Company Sign In ID

    Text box

    Is a unique identifier for your company. When creating new users this identifier will be the first portion of the User Sign In Id (Company Sign-in ID) for the user. When new users are created and the Default User ID Type is Company Sign-in ID, the Company Domain part of the user ID is prepopulated with this value. This setting can also be accessed from the Company Profile page.

    Maximum Number of Current Password Attempts

    Number between 1 and 3

    The number of times that a user can try to enter the current password. If the user is entering the current password at the login screen when the number of attempts is reached, then the user is locked out from Oracle CRM On Demand. The Sign In Lockout Duration field value determines how many attempts are allowed. However, if the user is entering the current password from within Oracle CRM On Demand, or if the user is updating the password, and if the maximum number of current password attempts is reached, then the user’s session is terminated. The user is not locked out from Oracle CRM On Demand, and the maximum number of current password attempts is still available at the login screen before Oracle CRM On Demand applies the value set in the Sign In Lockout Duration field.

    The default value for existing and new customers is 3.

    Sign In Lockout Duration

    15, 30, 60 minutes or Forever

    The length of time that the user's account is locked.

    Maximum Session Duration in Hours

    0-9999 hours

    The length of time that a user’s active session can last before the user is asked to reenter his login credentials. This field accepts positive integers from zero (0) through 9999.

    To view your default value for this setting, go to the Sign In and Password Policies page in Company Administration .

    When using Oracle CRM On Demand, you must reenter your login credentials when the active session reaches its maximum duration.

    When using Web services and the active session times out, the Web Services client must reauthenticate to continue using Web services.

    Password Control Information

    Expire User Passwords In

    30, 60, 90 days, one year, or never expires

    The length of time that a user's password is valid. After this period has elapsed, the user is forced to change the password.

    Minimum Password Length

    Number between 6 and 10

    The minimum number of characters that can be used for a password.

    Maximum Number of Password Changes

    Number between 1 and 20

    The maximum number of times that a user's password can be changed as specified in the Password Change Limit Window setting. If a user attempts to change a password more than the specified number of times, the change is not allowed.

    Password Change Limit Window

    Number of days (from 1 to 7)

    The period during which the Maximum Number of Password Changes setting applies.

    Complexity Level of Passwords

    3 or 4

    The number of character classes that must be satisfied in the user passwords from the following four categories:

    • Uppercase characters (A...Z)
    • Lowercase characters (a...z)
    • Numeric characters (0, 1, 2...9)
    • Nonalphanumeric characters (!,$,#,%)

       

       

    Enforce Password Policy On Logon

    Check box

    If the check box is selected, then a password policy check is enabled when users sign in to Oracle CRM On Demand. This policy check ensures that the user's password complies with the Minimum Password Length and Complexity Level of Passwords settings in Oracle CRM On Demand.

     

    Number Of Last Passwords To Prevent User From Reusing

    Number between 0 and 10

    The number of previously used passwords that the user cannot reuse in Oracle CRM On Demand.

    The default value for new companies is 3. The default value for existing companies is 1 or 0 if the following conditions are met:

    • The New Password Must Be Different Than Your Old Password setting is selected.
    • The Number Of Last Passwords To Prevent User From Reusing setting is deselected.

    Authentication Information

    Number Of Security Questions To Be Completed

    Number between 1 and 8

    This setting determines how many security questions and answers a user must set up. The user's questions and answers are stored for future use.

    NOTE: Users set up their security questions when they sign in to Oracle CRM On Demand for the first time. Users can also change their security questions at any time. For more information, see Setting Up Your Security Questions.

    When users reset their password from the Can't Access Your Account? link on the Oracle CRM On Demand sign-in page, they must answer a certain number of the security questions that they set up.

    You can specify that users must set up a larger number of questions than the number they are required to answer when resetting a password. A random selection of the questions the user sets up is displayed to authenticate the user when resetting the password.

    Number Of Security Questions To Be Answered

    Number between 1 and 8

    This setting determines the number of security questions that a user must answer when resetting a password from the Can't Access Your Account? link on the Oracle CRM On Demand sign-in page. When the user submits the request to reset the password, the user receives an email, shortly afterwards, with a link to a temporary page.

    On the temporary page, the user must answer the number of security questions specified in this setting before the password can be reset.

    The value in this field must be less than or equal to the value in the Number of Security Questions to be Completed field, because the user cannot be required to answer more questions than the user has set up.

    Number Of Days Temporary Sign In Is Valid

    Number of days (1 to 14)

    This setting determines the number of days that a temporary sign-in password is valid. An email with temporary sign-in information is typically sent when a new user is added, or when the company administrator or Customer Care resets the user's password.

    Number Of Temporary Password Sign In Attempts

    Number of attempts (1 to 14)

    The total number of sign-in attempts allowed using a temporary sign-in password. If this value is exceeded, the user's temporary sign in information becomes invalid, and the user must have the password reset again.

    Additional Information

    Allow Users To Change User ID

    Check box

    If the check box is selected, users who edit their User Profile can change their User ID. If the feature is not enabled, only the company administrator can change the user IDs.

    Allow Users To Change Email Address

    Check box

    If this check box is selected, then users who edit their user profile can change their email address. If this feature is not enabled, then only the company administrator can change the email addresses.

    Concurrent Session Option

    Allow with Notification, Allow without Notification, and Prevent and Terminate Existing

    This setting allows you to manage how Oracle CRM On Demand handles concurrent sessions while using your login credentials.

    The option, Allow with Notification, allows you to engage in concurrent sessions. However, Oracle CRM On Demand notifies you that another session is in progress, using the same account details. Oracle CRM On Demand also provides notification to the user on the other session.

    The option, Allow without Notification, allows you to engage in concurrent sessions. However, Oracle CRM On Demand does not notify either user that the other session is in progress.

    The option, Prevent and Terminate Existing, closes the first and existing session, leaving the second and new session in progress. Users of both sessions are notified of the actions.


Published 5/4/2012 Copyright © 2005, 2012, Oracle. All rights reserved. Legal Notices.