Siebel Security Guide
What's New in This Release
Back to top
About Security for Siebel Business Applications
About This Guide
General Security Concepts
Industry Standards for Security
About Supported Security Products
Siebel Security Architecture
User Authentication for Secure System Access
End-to-End Encryption for Data Confidentiality
About Controlling Access to Data
Support for Auditing in a Siebel Environment
Secure Physical Deployment to Prevent Intrusion
Security for Mobile Solutions
Security Settings for the Web Browser
Web Sites with Security Information
Roadmap for Configuring Security
About Siebel Open UI
Back to top
Changing and Managing Passwords
About Managing and Changing Passwords
About Default Accounts
Changing System Administrator Passwords on Microsoft Windows
Changing the Siebel Administrator Password on UNIX
Changing the Table Owner Password
Troubleshooting Password Changes By Checking for Failed Server Tasks
About the Gateway Name Server Authentication Password
Changing Passwords in the Siebel Management Framework
Changing an RC2-Encrypted Password in the Siebel Management Framework
Changing a Nonencrypted Password in the Siebel Management Framework
Changing the Siebel Enterprise Security Token
Encrypted Passwords in the eapps.cfg File
Encrypting Passwords Using the encryptstring Utility
About Encryption of Gateway Name Server Password Parameters
Back to top
Communications and Data Encryption
Types of Encryption
Process of Configuring Secure Communications
About Certificates and Key Files Used for SSL or TLS Authentication
Installing Certificate Files
Configuring SSL Mutual Authentication
About Configuring Encryption for a Siebel Enterprise and SWSE
About Key Exchange for Microsoft Crypto or RSA Encryption
Configuring SSL or TLS Encryption for a Siebel Enterprise or Siebel Server
Configuring SSL or TLS Encryption for SWSE
About Configuring SSL Encryption for the Siebel Management Framework
Configuring SSL Encryption for the Siebel Management Agent
Configuring SSL Encryption for the Siebel Management Server
Enabling SSL Acceleration for Web Server and Web Client Communications
About Configuring Encryption for Web Clients
Configuring Encryption for Mobile Web Client Synchronization
About Data Encryption
How Data Encryption Works
Requirements for Data Encryption
Encrypted Database Columns
Upgrade Issues for Data Encryption
Configuring Encryption and Search on Encrypted Data
Managing the Key File Using the Key Database Manager
Adding New Encryption Keys
Changing the Key File Password
About Upgrading Data to a Higher Encryption Level
Process of Upgrading Data to a Higher Encryption Level
Requirements for Upgrading to a Higher Encryption Level
Modifying the Input File
Running the Encryption Upgrade Utility
About the Siebel Strong Encryption Pack
Implementing the Siebel Strong Encryption Pack
Increasing the Encryption Level
Reencrypting Password Parameters in the Siebns.dat File
Security Considerations for Unicode Support
Back to top
Security Adapter Authentication
About User Authentication
Comparison of Authentication Strategies
About Siebel Security Adapters
About Database Authentication
Implementing Database Authentication
Implementing Database Authentication with MS SQL Server
About LDAP or ADSI Security Adapter Authentication
LDAP and ADSI Security Adapter Authentication Process
Directory Servers Supported by Siebel Business Applications
Comparison of LDAP and ADSI Security Adapters
Requirements for the LDAP Directory or Active Directory
About Setting Up the LDAP Directory or Active Directory
Verifying the Active Directory Client Installation
About Installing LDAP Client Software
Process of Installing and Configuring LDAP Client Software
Considerations When Using LDAP Authentication with SSL
Installing the LDAP Client Software on Windows
Installing the LDAP Client Software on UNIX
Configuring the siebenv.csh and siebenv.sh Scripts for the LDAP Client
Creating a Wallet for Certificate Files When Using LDAP Authentication with SSL
Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard
Process of Implementing LDAP or ADSI Security Adapter Authentication
Requirements for Implementing an LDAP or ADSI Authentication Environment
About Creating a Database Login for Externally Authenticated Users
Setting Up the LDAP Directory or Active Directory
Creating Users in the LDAP Directory or Active Directory
Adding User Records in the Siebel Database
Setting Security Adapter Parameters in the SWSE Configuration File (eapps.cfg)
Configuring Security Adapter Gateway Name Server Parameters
Configuring LDAP or ADSI Authentication for Developer Web Clients
Restarting Servers
Testing the LDAP or ADSI Authentication System
About Migrating from Database to LDAP or ADSI Authentication
Security Adapter Deployment Options
Configuring the Application User
Configuring Checksum Validation
Configuring Secure Communications for Security Adapters
Configuring the Shared Database Account
Configuring Adapter-Defined User Name
Configuring the Anonymous User
Configuring Roles Defined in the Directory
About Password Hashing
Process of Configuring User and Credentials Password Hashing
Guidelines for Password Hashing
Configuring User Password Hashing
Configuring Password Hashing of Database Credentials
Running the Password Hashing Utility
About Authentication for Gateway Name Server Access
Implementing LDAP or ADSI Authentication for the Gateway Name Server
Security Adapters and the Siebel Developer Web Client
About Authentication for Mobile Web Client Synchronization
About Securing Access to Siebel Reports
Back to top
Web Single Sign-On Authentication
About Web Single Sign-On
About Implementing Web Single Sign-On
Web Single Sign-On Authentication Process
Requirements for Standards-Based Web Single Sign-On
Set Up Tasks for Standards-Based Web Single Sign-On
Requirements for Microsoft Windows Integrated Authentication
Process of Implementing Windows Integrated Authentication
Requirements for the Example Windows Integrated Authentication Environment
Setting Up Active Directory to Store Siebel User Credentials for Windows Integrated Authentication
Configuring the Microsoft IIS Web Server for Windows Integrated Authentication
Creating Users in the Directory (Windows Integrated Authentication)
Adding User Records in the Siebel Database
Setting Web Single Sign-On Authentication Parameters in the SWSE Configuration File
Setting Web Single Sign-On Authentication Parameters for the Gateway Name Server
Editing Web Single Sign-On Parameters in the Application Configuration File
Restarting Servers
Testing Web Single Sign-On Authentication
About Digital Certificate Authentication
Configuring the User Specification Source
Configuring the Session Timeout
Configuring Siebel CRM and Oracle BI Publisher for Web Single Sign-On
Configuring Siebel CRM for Integration with Oracle BI Publisher with Web Single Sign-On
Configuring Oracle BI Publisher for Integration with Siebel CRM with Web Single Sign-On
Enabling Reports Scheduling with Web Single Sign-On
Back to top
Security Features of Siebel Web Server Extension
Configuring a Siebel Web Client to Use HTTPS
Login Security Features
Implementing Secure Login
Logging Out of a Siebel Application
Login User Names and Passwords
Account Policies and Password Expiration
About Using Cookies with Siebel Business Applications
Session Cookie
Auto-Login Credential Cookie
Siebel QuickStart Cookie
Enabling Cookies for Siebel Business Applications
Back to top
User Administration
About User Registration
About Anonymous Browsing
Process of Implementing Anonymous Browsing
Anonymous Browsing and the Anonymous User Record
Setting Configuration Parameters for Anonymous Browsing
Configuring Views for Anonymous Browsing or Explicit Login
About Self-Registration
User Experience for Self-Registration
Process of Implementing Self-Registration
Self-Registration and the Anonymous User Record
Setting the PropagateChange Parameter for Self-Registration
About Activating Workflow Processes for Self-Registration
(Optional) Modifying Self-Registration Views and Workflows
(Optional) Managing Duplicate Users
Identifying Disruptive Workflows
About Managing Forgotten Passwords
Retrieving a Forgotten Password (Users)
Defining Password Length for Generated Passwords
Architecture for Forgotten Passwords
About Modifying the Workflow Process for Forgotten Passwords
Modifying Workflow Process to Query Null Fields
Modifying Workflow Process to Request Different Identification Data
Internal Administration of Users
About Adding a User to the Siebel Database
Adding a New Employee
About Adding a New Partner User
Adding a New Contact User
Modifying the New Responsibility for a User Record
Delegated Administration of Users
User Authentication Requirements for Delegated Administration
Access Considerations for Delegated Administration
Registering Contact Users (Delegated Administration)
Registering Partner Users (Delegated Administration)
Maintaining a User Profile
Editing Personal Information
Changing a Password
Changing the Active or Primary Position
Back to top
Configuring Access Control
About Access Control
Access Control for Parties
Access Control for Data
Access Control Mechanisms
About Personal Access Control
About Position Access Control
About Single-Position Access Control
About Team (Multiple-Position) Access Control
About Manager Access Control
About Organization Access Control
About Single-Organization and Multiple-Organization Access Control
About Suborganization Access Control
About All Access Control
About Access-Group Access Control
Planning for Access Control
Access Control and Business Environment Structure
About Planning for Divisions
About Planning for Organizations
About Planning for Positions
About Planning for Responsibilities
Setting Up Divisions, Organizations, Positions, and Responsibilities
About View and Data Access Control
Listing the Views in an Application
Responsibilities and Access Control
About Associating a Responsibility with Organizations
Local Access for Views and Responsibilities
Read Only View for Responsibilities
Assigning a Responsibility to a Person
Using Responsibilities to Allow Limited Access to Server Administration Views
Viewing Business Component View Modes
Configuring Access to Business Components from Scripting Interfaces
Viewing an Applet's Access Control Properties
Listing View Access Control Properties
Example of Flexible View Construction
About Implementing Access-Group Access Control
Scenario That Applies Access-Group Access Control
Viewing Categorized Data (Users)
Implementing Access-Group Access Control
About Administering Catalogs of Data
Administration Tasks for Positions, Organizations, Households, and User Lists
Administering Access Groups
Associating Access Groups with Data
Managing Tab Layouts Through Responsibilities
Specifying Tab Layouts for Responsibilities
Assigning a Primary Responsibility
Exporting and Importing Tab Layouts
Managing Tasks Through Responsibilities
Administering Access Control for Business Services
Associating a Business Service with a Responsibility
Associating a Responsibility with a Business Service
Example of Associating a Responsibility with Business Service Methods
Clearing Cached Business Services
Disabling Access Control for Business Services
Administering Access Control for Business Processes
Clearing Cached Responsibilities
About Configuring Visibility of Pop-Up and Pick Applets
About Configuring Drilldown Visibility
Party Data Model
How Parties Relate to Each Other
Person (Contact) Data Model
User Data Model
Employee Data Model
Position Data Model
Account Data Model
Division Data Model
Organization Data Model
Partner Organization Data Model
Household Data Model
User List Data Model
Access Group Data Model
Back to top
Troubleshooting Security Issues
Troubleshooting User Authentication Issues
Troubleshooting User Registration Issues
Troubleshooting Access Control Issues
Back to top
Configuration Parameters Related to Authentication
About Parameters in the eapps.cfg File
Authentication-Related Parameters in Eapps.cfg
SSL and TLS-Related Parameters in Eapps.cfg
Siebel Gateway Name Server Parameters
Parameters for Database Authentication
Parameters for LDAP or ADSI Authentication
Parameters for Custom Security Adapter Authentication
Parameters for Application Object Manager
Parameters in the Gateway.cfg File
Siebel Application Configuration File Parameters
Back to top
Seed Data
Seed Employee
Seed Users
Seed Responsibilities
Listing the Views Associated with a Responsibility
Seed Position and Organization
Back to top
Addendum for Siebel Financial Services
Siebel Financial Services Applications
User Authentication for Siebel Financial Services
User Registration and Administration for Siebel Financial Services
Seed Data
Unregistered Users and Anonymous Browsing
Self-Registration
Internal Administration of Users
External Administration of Users
Maintaining a User Profile
Basic Access Control for Siebel Financial Services
Access Control Mechanisms
Administration of Access-Group Access Control
Configuration File Names for Siebel Financial Services Applications
Seed Data for Siebel Financial Services
Seed Users
Seed Responsibilities
Back to top
|