Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01
This topic describes how to manage forgotten passwords. If a user who has previously self-registered on a Siebel customer or partner application forgets his or her password, then the user can get a new password by clicking the Forgot Your Password? link in the login dialog box.
Note: Forgot Your Password? is a default feature of Siebel customer and partner applications, but it is available only if you implement LDAP or ADSI security adapter authentication. To implement similar functionality in a Web SSO environment, you are responsible for configuring the functionality in your external authentication application, in your user directory, and in your security adapter. Consult your third-party vendor documentation for information about performing these tasks.
You can optionally configure the Forgot Your Password? feature in a number of ways:
You can specify the minimum and maximum length of the new password that a user can retrieve as described in "Defining Password Length for Retrieved Passwords".
You can amend the forgotten passwords workflow process to change:
The way in which the user identification data is compared with database user records.
The identification data requested from users.
For information on both these tasks, see "Modifying Workflow Process to Request Different Identification Data".
For additional information about managing forgotten passwords, see also the following topics:
This topic describes how users, who have previously self-registered, can create new passwords if they have forgotten their existing password. On a future login, users can change new passwords in the User Profile view.
The following procedure describes the steps involved in retrieving a new password.
In the login dialog box, the user clicks Forgot Your Password?
The User Information form appears.
The user completes all fields of the form, and then clicks Submit.
The database comparisons done with the Last Name field and First Name field entries are case-sensitive.
The Work Phone # entry numbers are compared with the database. The comparison disregards any separators.
If a matching record is found, then the Challenge Question form appears.
The user enters the answer to the challenge question.
If the challenge question is answered correctly, then the user is prompted to enter a new password, and then to reenter the password to confirm it.
Provided that the passwords match and do not violate the requirements for passwords set by the directory server, the new password is set for the user.
Click Continue.
This topic describes how to configure the length of new passwords retrieved by users who have previously self-registered but who have forgotten their password. For information on the forgotten password feature, see "About Managing Forgotten Passwords" and "Retrieving a Forgotten Password (Users)".
To make sure that passwords conform to your company's policy on password length, you can specify minimum and maximum character lengths for passwords by adding two user properties to the User Registration business service in Siebel Tools. These user properties are RandPassMinLength and RandPassMaxLength. When a user requests a new password using the Forgot Your Password feature, the User Registration business service invokes the SetPassword method to create the new password after verifying that the password meets the password length requirements defined for these two properties.
To define minimum and maximum values for password length
1. Open Siebel Tools and, in the Object Explorer, click Business Service.
   The Business Services list appears.
2. In the Business Services list, query or scroll to select the User Registration business service.
3. Choose Tools, and then Lock Project.
4. In the Object Explorer, click Business Service User Props.
   The Business Service User Props list appears.
5. Right-click in the Business Service User Props list and select New Record from the displayed context menu.
   A new record field appears.
6. Complete the fields for the new record, as shown in the following table.

   In this field... | Enter... |
   ---|---|
   Name | RandPassMinLength |
   Value | Enter the minimum number of characters that your company's password policy states a password must contain. The default value is 5. |

   This defines the minimum number of characters that a password can contain.
7. Step off the record to save changes.
8. Repeat Steps 5, 6, and 7 with modifications for Step 6, as shown in the following table.

   In this field... | Enter... |
   ---|---|
   Name | RandPassMaxLength |
   Value | Enter the maximum number of characters that your company's password policy states a password must contain. The default value is 15. |

   This defines the maximum number of characters that a password can contain.
9. Recompile the Siebel repository file, and unlock the User Registration project.
Forgot Your Password? is implemented in the User Registration Forgot Password Process workflow process. This process is a subprocess in User Registration Initial Process.
As described in "Retrieving a Forgotten Password (Users)", to receive a new password, the user must provide identification data that is compared with database user records. If all four fields return a case-sensitive match with an existing record, then the user must answer the challenge question associated with that record. The challenge answer must also return a case-sensitive match.
When a user enters values to the comparison fields in the user interface, the values are written to fields in the User Registration business component. This business component is based on the same tables as the User business component. The virtual field values are not written to the database, but are compared with field values in those underlying tables.
The user entries in the following fields in the user interface are compared with field values in the tables indicated:
The Last Name, First Name, Email, and Work Phone # fields are compared with S_CONTACT field values.
The Challenge Answer field is compared with an S_USER field value.
The User Registration Forgot Password Process workflow process uses the following views:
User Registration Forget Pwd Challenge Answer Error View
User Registration Forgot Pwd Error View
User Registration Forgot Pwd Invalid Error View
User Registration Forgot Pwd Reset Confirm View
User Registration Pwd Info View
User Registration Pwd Nomatch View
User Registration Forget Pwd Challenge Ques View
You can modify the User Registration Forgot Password Process workflow process in the following ways:
Make a comparison of null fields as well as fields for which the user has provided a value
For information on this task, see "Modifying Workflow Process to Query Null Fields".
Request different identification data from the user
For information on this task, see "Modifying Workflow Process to Request Different Identification Data".
In the User Registration Forgot Password Process workflow process, the Query User step invokes the FindContact method of the User Registration business service. This method queries the database for user records whose data matches the identification data provided by the user. If the query returns a unique record, then the user can prove he or she owns the record by answering the challenge question.
Table 8-2 describes the arguments for the FindContact method.
Table 8-2 FindContact Method Arguments
By default, if a user completes fewer than all four fields on the User Information form, then only the fields that a user completes are used in the query to find a unique matching record in the database. For example, if the user enters first and last name only, then the query does not do any comparisons on the Email or Work Phone # fields.
You can specify that the Query User step (FindContact method in the User Registration business service) must check that fields left empty by the user are confirmed to be NULL in the database record to conclude that a record is a match. The following procedure describes this task.
To modify the User Registration Forgot Password Process workflow to query null fields
Make a copy of the User Registration Forgot Password Process workflow.
In the copy of the workflow, modify the Query User step by adding the QueryAllFields input argument with a value of Y. By default, the value of this input argument is N.
When you create input arguments, enter the fields and values described in the following table.
Field | Value |
---|---|
Input Argument | QueryAllFields |
Type | Literal |
Value | Y |
Activate the amended copy of the User Registration Forgot Password Process workflow.
For detailed information about modifying workflow processes, see Siebel Business Process Framework: Workflow Guide.
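The matching rules described above (case-sensitive comparison, separators ignored in Work Phone #, a unique record required, and the effect of QueryAllFields) can be modelled in a few lines. This JavaScript is an added illustration, not Siebel code or the FindContact implementation; the `findContact` function, the field names, and the contact records are constructed for the example.

```javascript
// Added illustration: a model of the matching rules, not Siebel's FindContact code.
// Field names and all contact records below are constructed sample data.
const FIELDS = ["lastName", "firstName", "email", "workPhone"];

const contacts = [
  { id: 1, lastName: "Rivera", firstName: "Ana", email: "ana.rivera@example.com", workPhone: "415-555-0101" },
  { id: 2, lastName: "Chen", firstName: "Li", email: null, workPhone: null },
  { id: 3, lastName: "Okafor", firstName: "Sam", email: "sam@example.com", workPhone: "212.555.0188" },
  { id: 4, lastName: "Okafor", firstName: "Sam", email: "s.okafor@example.com", workPhone: "6465550123" },
];

const isEmpty = (v) => v === undefined || v === null || v === "";

// Work Phone # comparison disregards separators; modelled by keeping digits only.
const normalize = (field, value) =>
  field === "workPhone" ? String(value).replace(/\D/g, "") : String(value);

// Returns the single matching record, or null when zero or several records match.
function findContact(records, input, queryAllFields = "N") {
  const matches = records.filter((rec) =>
    FIELDS.every((f) => {
      if (isEmpty(input[f])) {
        // N (default): an empty field is left out of the query.
        // Y: the stored value must be NULL for the record to match.
        return queryAllFields === "Y" ? isEmpty(rec[f]) : true;
      }
      if (isEmpty(rec[f])) return false;
      return normalize(f, rec[f]) === normalize(f, input[f]); // case-sensitive
    })
  );
  return matches.length === 1 ? matches[0] : null;
}

const nameOnly = { lastName: "Rivera", firstName: "Ana" };
const idOf = (rec) => (rec ? rec.id : null);

console.log("N, name only:", idOf(findContact(contacts, nameOnly, "N")));
console.log("Y, name only:", idOf(findContact(contacts, nameOnly, "Y")));
console.log("Y, NULL email/phone on record:", idOf(findContact(contacts, { lastName: "Chen", firstName: "Li" }, "Y")));
console.log("N, two records share the name:", idOf(findContact(contacts, { lastName: "Okafor", firstName: "Sam" })));
```

With the default value N, the name-only entry reaches record 1 and the challenge question; with Y it matches nothing, because that record has stored Email and Work Phone # values.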
Related Topics
"About Modifying the Workflow Process for Forgotten Passwords"
"Modifying Workflow Process to Request Different Identification Data"
The data requested from the user in the User Information form is compared with data in existing user records to locate a unique database record. If you want to compare different data than those compared in the seed User Registration Forgot Password Process workflow process, then you must do the following tasks:
Modify the user interface
Modify User Registration Forgot Password Process input arguments
To add or delete a field in the User Information form, you must use Siebel Tools to modify its underlying applet. The following procedure is intended to list the major steps you must perform to add or delete a field in the User Information form. For detailed information about performing any step, see Configuring Siebel Business Applications.
To add or delete a field in the User Information form
1. Open Siebel Tools.
2. Lock the User Registration project.
3. If you are adding a field, then determine what field to add. Add to both the VBC User Registration virtual business component and the User Registration business component the field that corresponds to the field you want to add. Use the same names for these fields.
   For more information, see "(Optional) Modifying Self-Registration Views and Workflows".
   a. In the Object Explorer, click Business Component.
   b. In the Business Components list, query or scroll to select the User Registration business component.
   c. In the Object Explorer, expand Business Component, then click its Field child item.
   d. In the Fields list, add the field you need for this business component.
   e. Repeat this process for the VBC User Registration virtual business component.
4. Configure the applet VBC User Registration Initial Form Applet to display or hide the field.
   a. In the Object Explorer, click Applet.
   b. In the Applets list, query or scroll to select the applet VBC User Registration Initial Form Applet.
   c. In the Object Editor, expand Applet, then click its Control child item.
   d. In the Controls list:
      - If you want to hide a field, then select its record in the Controls list and check its Inactive field.
      - If you want to add a field, then add a new record in the Controls list. Complete only the fields listed. Use the indicated guidelines.

      Field | Guideline |
      ---|---|
      Name | Enter a name for this field, such as City |
      Caption | Enter the caption you want for this field in the user interface, such as City |
      Field | Enter the field that you determined in Step 3, such as City |
      HTML Display Mode | Delete the default value, so the field is empty |
      HTML Row Sensitive | Check |
      HTML Type | Pick Text |
      Sort | Check |
      Text Alignment | Pick an alignment |
      Visible | Check |
      Visible - Language Override | Enter Y |

5. Configure the appropriate applet Web template for VBC User Registration Initial Form Applet to display or hide the field.
6. Recompile the Siebel repository file and unlock the User Registration project.
To remove a field from the self-registration user interface, you do not have to delete the field from the applet in which it appears. Instead, configure the applet so that the field is not displayed.
In the Query User step of User Registration Forgot Password Process, you specify the input fields to the FindContact method in the User Registration business service that are used to find a matching user record. You must modify this step to add or delete an input field.
You make this change by modifying the input arguments for the Query User step for a revised copy of the User Registration Forgot Password Process workflow process, then activating this copy. When you create input arguments, enter the fields and values described in Table 8-3.
Table 8-3 Values for Input Arguments for Query User Step
Field | Guideline |
---|---|
Input Argument | Enter the name of the field in the User Registration business component that you noted in Step 3 of "Modifying the User Interface for User Registration", such as |
Type | Pick |
Property Name | Pick the process property that corresponds to the field in the User Registration business component that you noted in Step 3 of "Modifying the User Interface for User Registration", such as |
Property Data Type | This field automatically populates with the data type of the process property. |
Related Topics
"About Modifying the Workflow Process for Forgotten Passwords"