Workbench administrators create user accounts that specify the user names and passwords that users need in order to log in to Workbench.
The administrators also assign permissions to each user account to determine which Workbench tools and content within the application are available to that user.
Note
The first time when Workbench users log in using passwords defined for them by the Workbench administrator, they are directed to a change password screen, where they must change the passwords defined by the Workbench administrator. If they do not change the passwords defined by the Workbench administrator, they will not be able to use features of Tools and Frameworks.
Administrators can also create groups and then add users to the groups. Creating groups is the recommended method of managing user permissions. For example, you can place all users that need access to a specific content collection into a group. By granting access to the group rather than to each user, you avoid the need to assign permissions to individual users. You can also make groups members of other groups which further aids in assigning permissions.
As soon as groups and users are added to Workbench, their names and passwords are associated with all applications across Workbench. Permissions, on the other hand, are associated with single applications, and must be specified for each application in Workbench.
Within an application, administrators provide permissions at the tool level or at a more granular content level. For example, you might provide a group with permissions to access the Experience Manager tool. This high-level access provides group members with write access to all the content within the Experience Manager. The administrator can also limit access to specific content folders within Experience Manager.
The Lightweight Directory Access Protocol (LDAP) is a centralized directory used by programs to look up user information. Using LDAP, one password for a user can be shared by many services. If you have Workbench configured to use LDAP for user authentication, an administrator can create a member profile where the password and identity information is stored and managed in an LDAP directory. LDAP integration also enables you to assign permissions across an entire LDAP group rather than configuring each user individually. For more information about configuring Workbench with LDAP, see Integrating LDAP with Oracle Commerce Workbench.
Note
Credentials required for accessing LDAP must be stored in the Oracle Credentials Store (OCS). Plaintext credentials are supported only for backward compatibility and not for new application development. For information about how LDAP credentials are stored in the OCS, refer to the Oracle Guided Search Security Guide.
Commerce SSO integrates authentication for Workbench and Oracle Commerce Business Control Center, allowing a user to switch between tools without encountering additional login screens. If your deployment has enabled Commerce SSO, then an administrator can create a member or group profile where the password and identity information is stored and managed in the Oracle Commerce Platform internal profile repository. For more information about configuring Workbench with Commerce SSO, see Integrating Workbench with Oracle Commerce Single Sign-On
User and group names cannot contain the following characters:
/ \ : [ ] | * ? " < >
.
As part of Workbench installation, a predefined Workbench administrator user is created with full administration privileges.
This administrator is assigned the username
admin
and the default password
admin.
The
admin
user can create additional users and
administrators in Workbench (only an administrator can create other
administrators). An administrator can also delete any other administrator
except the predefined administrator. See
Granting Workbench
administrator privileges to LDAP users and groups
for additional information about creating Workbench users when LDAP is enabled.
To log in to Workbench as an administrator, follow these steps:
After you log in as Workbench administrator for the first time, you
must change the default Administrator password from
admin
to any other password that satisfies Oracle's
security requirement. For information about these requirements, see
Password security requirements for Workbench users.
After you log in to Workbench for the first time, you must change the password of the admin user. You will be unable to use Workbench until you change this password.
Follow these steps to change the password for the predefined
admin
user:
In the upper right corner of Oracle Commerce Workbench, click the down arrow next to admin and then click Change Password.
Enter the current admin password in the field.
If this is the first time when you change the
admin
password since you installed Tools and Frameworks, the password isadmin
.Enter your new password in the New Password and Confirm Password fields.
The new password must contain a minimum 8 characters, including at least one numeric character, and must not be the same as the user name (in this case,
Admin
).In the case of automation, and after you install Tools and Frameworks but before you run control scripts or baseline indexing, you can then change the password using following command:
curl -u admin:admin -F"oldPwd"=admin -F"newPwd"=admin123 -F"newPwdConfirm"=admin123 http://localhost:8006/ifcr/system/userManager/user/admin.changePassword.json
Add the new password to the OCS, following these steps:
Note
You cannot use this procedure to change the password of any Oracle Workbench administrators that are in the Commerce or LDAP repositories.