Siebel Security Guide
What's New in This Release
Back to top
About Security for Siebel Business Applications
General Security Concepts
Industry Standards for Security
Siebel Security Architecture
User Authentication for Secure System Access
Security Adapter SDK
End-to-End Encryption for Data Confidentiality
Controlling Access to Data
Support for Auditing in a Siebel Environment
Secure Physical Deployment to Prevent Intrusion
Security for Mobile Solutions
Security Settings for the Web Browser
Web Sites With Security Information
Roadmap for Configuring Security
Back to top
Changing or Adding Passwords
Changing Passwords
Changing System Administrator Passwords on Microsoft Windows
Changing the Siebel Administrator Password on UNIX
Changing the Table Owner (DBO) Password
Troubleshooting Password Changes By Checking for Failed Server Tasks
Changing Passwords in the Siebel Management Framework
Changing the Siebel Diagnostic Tool User's Password
Changing a Siebel User Account Password in the Siebel Management Framework
Changing the Siebel Enterprise Security Token
Managing Encrypted Passwords in the eapps.cfg File
Encrypting Passwords Using the encryptstring Utility
About Password Encryption
Back to top
Physical Deployment and Auditing
About the Siebel Network
Firewall and Proxy Server Support
Role of Siebel Server Load Balancing in Network Security
About Selecting Port Numbers
Restricting Access to Siebel Components
Auditing for Data Continuity
Securing Siebel Reports Server
Securing Communications Between the Siebel Web Client and Actuate Active Portal
Securing Communications Between the AOM and Actuate iServer
Securing Siebel Document Server
Back to top
Communications and Data Encryption
Types of Encryption
Process of Configuring Secure Communications
About Certificates and Key Files Used for SSL Authentication
Installing Certificate Files
Configuring SSL Mutual Authentication
About Configuring Communications Encryption for Siebel Enterprise and SWSE
Configuring SSL Encryption for the Siebel Enterprise or a Siebel Server
Configuring SSL Encryption for SWSE
About Configuring SSL for the Siebel Management Framework
Enabling SSL Acceleration for Web Server and Web Client Communications
About Configuring Encryption for Web Clients
Configuring Encryption for Mobile Web Client Synchronization
About Data Encryption
How Data Encryption Works
Requirements for Data Encryption
Encrypted Database Columns
Upgrade Issues for Data Encryption
Configuring Encryption and Search on Encrypted Data
Managing the Key File Using the Key Database Manager
Adding New Encryption Keys
Changing the Key File Password
About Upgrading Data to a Higher Encryption Level
Process of Upgrading Encrypted Data to a Higher Encryption Level
Requirements for Upgrading to a Higher Encryption Level
Modifying the Input File
Running the Encryption Upgrade Utility
About the Siebel Strong Encryption Pack
Installing the Siebel Strong Encryption Pack
Increasing the Encryption Level
Reencrypting Masked Parameters
Security Considerations for Unicode Support
Back to top
Security Adapter Authentication
About User Authentication
Comparison of Authentication Strategies
About Siebel Security Adapters
Configuring Database Authentication
About LDAP or ADSI Security Adapter Authentication
LDAP and ADSI Security Adapter Authentication Process
Comparison of LDAP and ADSI Security Adapters
Requirements for the LDAP or ADSI Directory
About Installing LDAP Client Software
Process of Installing and Configuring LDAP Client Software
Considerations for Secure LDAP Using SSL
Installing the IBM LDAP Client and IBM GSKit on Windows
Installing the IBM LDAP Client and IBM GSKit on Oracle Solaris
Installing the IBM LDAP Client and IBM GSKit on AIX
Installing the IBM LDAP Client and IBM GSKit on HP-UX
Installing the IBM LDAP Client and IBM GSKit on Linux
Configuring the siebenv.csh and siebenv.sh Scripts for the LDAP Client
Configuring the IBM GSKit
Generating a CMS Key Database Using IBM GSKit
Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard
Process of Implementing LDAP or ADSI Security Adapter Authentication
Requirements for Implementing an LDAP or ADSI Authentication Environment
About Creating a Database Login
Setting Up the LDAP or ADSI Directory
Creating Users in the LDAP or ADSI Directory
Adding User Records in the Siebel Database
Setting Security Adapter Parameters in the SWSE Configuration File (eapps.cfg)
Configuring Security Adapter Gateway Name Server Parameters
Configuring LDAP or ADSI Authentication for Developer Web Clients
Restarting Servers
Testing the LDAP or ADSI Authentication System
About Migrating from Database to LDAP or ADSI Authentication
About Password Hashing
Overview of the Login Process When Password Hashing Is Enabled
Process of Configuring User and Credentials Password Hashing
Guidelines for Password Hashing
Configuring User Password Hashing
Configuring Database Credentials Password Hashing
Running the Password Hashing Utility
Security Adapter Deployment Options
Configuring the Application User
Configuring Checksum Validation
Configuring Secure Communications for Security Adapters
Configuring the Shared Database Account
Configuring Adapter-Defined User Name
Configuring the Anonymous User
Configuring Roles Defined in the Directory
Security Adapters and the Siebel Developer Web Client
Authentication for Mobile Web Client Synchronization
Back to top
Web Single Sign-On Authentication
About Web Single Sign-On
Web SSO Authentication Process
Web SSO Limitations
About Implementing Web SSO Authentication
Process of Implementing Web Single Sign-On
Requirements for Implementing Web SSO in a Specified Environment
Creating Protected Virtual Directories
About Creating a Database Login
Setting Up the ADSI Directory
Creating Users in the Directory
Adding User Records in the Siebel Database
Setting Authentication Parameters in the SWSE Configuration File (eapps.cfg)
Setting Authentication Parameters for the Siebel Gateway Name Server
Editing Parameters in the Application Configuration File
Restarting Servers
Testing Web SSO Authentication
Digital Certificate Authentication
Configuring the User Specification Source
Back to top
Security Features of Siebel Web Server Extension
Configuring a Siebel Web Client to Use SSL
Login Security Features
About Using Cookies with Siebel Business Applications
Session Cookie
Auto-Login Credential Cookie
Siebel QuickStart Cookie
Enabling Cookies for Siebel Business Applications
Back to top
User Administration
About User Registration
Configuring Anonymous Browsing
About Anonymous Browsing and Unregistered Users
Implementing Anonymous Browsing
Configuring Views for Anonymous Browsing or Explicit Login
About Self-Registration
Implementing Self-Registration
Self-Registration and the Anonymous User Record
Setting Configuration Parameters for Self-Registration
Activating Workflow Processes for Self-Registration
Modifying Self-Registration Views and Workflows
Managing Duplicate Users
Managing Forgotten Passwords
User Experience for a Forgotten Password
Defining Password Length for System-Generated Passwords
Architecture for Forgotten Passwords
Modifying the Workflow Process for Forgotten Passwords
Modifying Workflow Process to Query Null Fields
Modifying Workflow Process to Request Different Identification Data
Internal Administration of Users
Adding a User to the Siebel Database
Adding a New Employee
Adding a New Partner User
Adding a New Contact User
Promoting a Contact to a Contact User
Modifying the New Responsibility Field for a User Record
Delegated Administration of Users
User Authentication Requirements for Delegated Administration
Access Considerations for Delegated Administration
Registering Contact Users—Delegated Administration
Registering Partner Users—Delegated Administration
Maintaining a User Profile
Editing Personal Information
Changing a Password
Changing the Active Position
Back to top
Configuring Access Control
About Access Control
Access Control for Parties
Access Control for Data
Access Control Mechanisms
About Personal Access Control
About Position Access Control
About Single-Position Access Control
About Team (Multiple-Position) Access Control
About Manager Access Control
About Organization Access Control
About Single- and Multiple-Organization Access Control
About Suborganization Access Control
About All Access Control
About Access-Group Access Control
Planning for Access Control
Access Control and Business Environment Structure
Planning for Divisions
Planning for Organizations
Planning for Positions
Planning for Responsibilities
About Implementing Access Control
Applications and Access Control
Setting Up Divisions, Organizations, Positions, and Responsibilities
Responsibilities and Access Control
Business Component View Modes
Business Component View Mode Fields
Viewing an Applet's Access Control Properties
Listing View Access Control Properties
Example of Flexible View Construction
Implementing Access-Group Access Control
Scenario For Implementing Access-Group Access Control
Viewing Categorized Data (The User's Experience)
Administrative Tasks
About Administering Catalogs of Data
Administering Positions, Organizations, Households, and User Lists
Administering Access Groups
Associating Access Groups with Data
Managing Tab Layouts Through Responsibilities
Specifying Tab Layouts For Responsibilities
Assigning a Primary Responsibility
Exporting and Importing Tab Layouts
Managing Tasks Through Responsibilities
Administering Access Control for Business Services
Associating a Business Service with a Responsibility
Associating a Responsibility with a Business Service
Example of Associating a Responsibility with Business Service Methods
Clearing Cached Business Services
Disabling Access Control for Business Services
Administering Access Control for Business Processes
Clearing Cached Responsibilities
About Configuring Visibility of Pop-Up and Pick Applets
About Configuring Drilldown Visibility
Party Data Model
How Parties Relate to Each Other
Person (Contact) Data Model
User Data Model
Employee Data Model
Position Data Model
Account Data Model
Division Data Model
Organization Data Model
Partner Organization Data Model
Household Data Model
User List Data Model
Access Group Data Model
Back to top
Troubleshooting Security Issues
User Authentication Issues
User Registration Issues
Access Control Issues
Back to top
Configuration Parameters Related to Authentication
Parameters in the eapps.cfg File
Siebel Gateway Name Server Parameters
Siebel Application Configuration File Parameters
Back to top
Seed Data
Seed Employee
Seed Users
Seed Responsibilities
Seed Position and Organization
Seed Database Login
Back to top
Addendum for Siebel Financial Services
Siebel Financial Services Applications
User Authentication for Siebel Financial Services
User Registration and Administration for Siebel Financial Services
Seed Data
Unregistered Users and Anonymous Browsing
Self-Registration
Internal Administration of Users
External Administration of Users
Maintaining a User Profile
Basic Access Control for Siebel Financial Services
Access Control Mechanisms
Administration of Access-Group Access Control
Configuration File Names for Siebel Financial Services Applications
Seed Data for Siebel Financial Services
Seed Users
Seed Responsibilities
Back to top
|