Agile Product Lifecycle Management Administrator Guide Release 9.3.4 E52155-02
To provide an enhanced level of access security in Agile PLM, you can set a systemwide user account policy. The features of this policy include password aging, length, uniqueness, and lockout.
Before configuring systemwide user account policy for Agile PLM, make sure you answer the following questions:
- Will you be using an LDAP system to create Agile PLM users? You may decide to set up Account Policy functionality on your LDAP server. See "LDAP as a Node in Administrator."
- Do you want user passwords to expire? If so, how often (number of days)?
- Do you want users to be able to change their passwords at any time? If not, how often (number of days) should they be changed?
- What is the minimum number of characters permitted?
- Do you want to prevent users from using the same password over again? If so, how many previous passwords do you want the system to remember?
- Do you want a systemwide lockout policy to prevent unauthorized attempts to log in to the system?
- If a user is locked out, do you want yourself or others to be notified?
To configure your systemwide account policy:
1. Under User Settings, double-click Account Policy. The Account Policy window appears.
2. Configure your systemwide account policy by setting the properties described in the tables below: Table 12-1 (Account Lockout properties), Table 12-2 (Password Age, Length and Uniqueness properties), and Table 12-3 (Password Rules properties).
Note: The account lockout rules apply to all Agile PLM clients, including Java Client, Web Client, ChangeCAST, AIS, ACP, Agile Drive, and SDK.
Table 12-1 Account Policy, Account Lockout properties
Property | Description |
---|---|
Account Lockout | Controls whether the system remembers failed logons. When this property is set to Disabled, the system does not remember failed logons, and these properties are not in use: Logon Attempts, Reset Count Time, Lockout Duration, and Account Lockout Notify User. When Account Lockout is set to Enabled, these properties are enabled. |
Logon Attempts | Enabled when Account Lockout is set to Enabled. Enter a value between 1 and 999,999,999. The default is 3 failed attempts, in which case the lockout of that user account occurs upon the third failure. |
Reset Count Time (in minutes) | Enabled when Account Lockout is set to Enabled. Enter a value between 1 and 999,999,999. The default is 30 minutes, after which that user account reverts to allowing the number of attempts set in Logon Attempts. |
Lockout Duration (in minutes) | Enabled when Account Lockout is set to Enabled. Enter a value between 1 and 999,999,999. The default is 0, which means the user is locked out until you reset that user account. Lockout Duration and Reset Count Time do not "trump" each other, meaning a user, upon being locked out, will have to wait for the higher value of these two properties to expire. |
Account Lockout Notify User | Enabled when Account Lockout is set to Enabled. To assign users to receive email notification if a user is locked out, click the button at the right for the address book to appear, and select any number of users to be notified. On the User Groups tab of the address book, when you select a user group, only the button that adds all the members of the group is enabled; you can, however, add all the members of a group and then remove individuals from the Recipients list. |
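The interaction of Logon Attempts, Reset Count Time and Lockout Duration in Table 12-1 can be modelled in a few lines. This is an added example, not Agile PLM code: the class and function names are hypothetical, time is counted in whole minutes, and starting the count window at the first failed logon is an assumption the table does not state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    logon_attempts: int = 3        # Table 12-1 default
    reset_count_minutes: int = 30  # Table 12-1 default
    lockout_minutes: int = 0       # default 0: locked until an administrator resets

@dataclass
class Account:
    failures: int = 0
    window_start: Optional[int] = None  # minute of first counted failure (assumption)
    locked_at: Optional[int] = None

def clear(a: Account) -> None:
    """Administrator reset, or expiry of a timed lockout."""
    a.failures, a.window_start, a.locked_at = 0, None, None

def unlocks_at(p: LockoutPolicy, a: Account) -> Optional[int]:
    """Minute a lock expires by itself; None if not locked or reset-only."""
    if a.locked_at is None or p.lockout_minutes == 0:
        return None
    # Per the table, the user waits for the higher of the two values.
    return a.locked_at + max(p.lockout_minutes, p.reset_count_minutes)

def is_locked(p: LockoutPolicy, a: Account, now: int) -> bool:
    if a.locked_at is None:
        return False
    end = unlocks_at(p, a)
    if end is not None and now >= end:
        clear(a)
        return False
    return True

def failed_logon(p: LockoutPolicy, a: Account, now: int) -> bool:
    """Record a failed logon at minute `now`; return True if the account is locked."""
    if is_locked(p, a, now):
        return True
    if a.window_start is not None and now - a.window_start >= p.reset_count_minutes:
        clear(a)  # Reset Count Time elapsed: the full number of attempts is allowed again
    if a.window_start is None:
        a.window_start = now
    a.failures += 1
    if a.failures >= p.logon_attempts:
        a.locked_at = now
    return a.locked_at is not None
```

In this model, failed logons separated by more than Reset Count Time are never counted together, which is worth weighing when choosing that value.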
Table 12-2 Account Policy, Password Age, Length and Uniqueness properties
Property | Description |
---|---|
Password Never Expires | This value permits a user to have a password that is never required to be reset. |
Password Expiry (in days) | If the password is able to expire, this setting is enabled and the administrator can choose the number of days that a password is valid. |
Minimum Password Length | This value sets the minimum number of characters that any user's password can be. Default is 1. |
Password Uniqueness | The value 0 (default) permits users to reuse passwords they have used before when it comes time to change passwords. To prevent users from reusing passwords, enter a number, which is the number of passwords that the system remembers for each user, and does not allow to be reused. For example, with a value of 3, users will not be able to reuse their first password when it is time to select their fourth password. When it is time to select their fifth password, however, each user could reuse their first password, because the system remembers their second, third, and fourth passwords, but not their first. |
Table 12-3 Account Policy, Password Rules properties
Property | Description |
---|---|
At Least One Numeric Character | Set this value to Yes or No to provide a specific requirement of the password construction process for users. |
At Least One Special (Punctuation) Character | Set this value to Yes or No to provide a specific requirement of the password construction process for users. |
At Least One Lowercase Character | Set this value to Yes or No to provide a specific requirement of the password construction process for users. |
At Least One Uppercase Character | Set this value to Yes or No to provide a specific requirement of the password construction process for users. |
Must Not Contain User ID | Set this value to Yes or No to provide a specific requirement of the password construction process for users. |
Minimum Number of Rules Matched | The setting for this value can be an integer equal to or less than the number of rules enabled, which is then the number of rules that the user's password must meet. If the rules are not matched, an error message alerts the user. |
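The Password Uniqueness window from Table 12-2 and the Minimum Number of Rules Matched check from Table 12-3 are sketched below. This is an added example, not Agile PLM code: the rule keys, function and class names are hypothetical, and ASCII punctuation as the "special" set, case-insensitive user ID matching and salted PBKDF2 storage of remembered passwords are assumptions.

```python
import hashlib
import hmac
import os
import string
from collections import deque

# One predicate per Table 12-3 rule; the short keys are names chosen for this example.
RULES = {
    "numeric": lambda pw, uid: any(c.isdigit() for c in pw),
    "special": lambda pw, uid: any(c in string.punctuation for c in pw),
    "lower": lambda pw, uid: any(c.islower() for c in pw),
    "upper": lambda pw, uid: any(c.isupper() for c in pw),
    # Case-insensitive match is an assumption; the page does not say.
    "no_user_id": lambda pw, uid: uid.lower() not in pw.lower(),
}

def rules_ok(pw, user_id, enabled, min_matched, min_length=1):
    """Check Minimum Password Length and Minimum Number of Rules Matched."""
    if not 0 <= min_matched <= len(enabled):
        raise ValueError("min_matched must not exceed the number of enabled rules")
    matched = sum(1 for name in enabled if RULES[name](pw, user_id))
    return len(pw) >= min_length and matched >= min_matched

class PasswordHistory:
    """Remembers the last `uniqueness` passwords as salted PBKDF2 digests."""

    def __init__(self, uniqueness):
        self.entries = deque(maxlen=uniqueness)  # 0 remembers nothing (the default)

    @staticmethod
    def _digest(pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

    def reused(self, pw):
        return any(hmac.compare_digest(self._digest(pw, salt), digest)
                   for salt, digest in self.entries)

    def change(self, pw):
        """Store pw and return True, or return False if it is still remembered."""
        if self.reused(pw):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._digest(pw, salt)))
        return True
```

Read this way, when Minimum Number of Rules Matched is lower than the number of rules enabled, any enabled rule, including Must Not Contain User ID, can be the one a password leaves unmet.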
If a user is locked out of their account because of entering the wrong password more times than Logon Attempts permits, and the Reset Count Time is a high value, you should reset the user's login password. This will reset the user's locked status and allow them to access the system.
An additional setting concerning passwords (for Web Client users) is under the Preferences node. See "Allow Password Reset."