Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
![]() Previous |
![]() Next |
View PDF |
For enhanced security, you might want to implement the following account policies. Account policies are functions of your authentication service. If you want to implement account policies, then you are responsible for setting them up through administration features provided by the authentication service vendor.
Password syntax rules, such as minimum password length.
When creating or changing passwords, minimum length requirements and other syntax rules defined in the external directory are enforced by the Siebel application.
An account lockout after a specified number of failed attempts to log in.
Account lockout protects against password guessing attacks. Siebel Business Applications support lockout conditions for accounts that have been disabled by the external directory.
Password expiration after a specified period of time.
The external directory can be configured to expire passwords and warn users that passwords are about to expire. Password expiration warnings issued by the external directory are recognized by Siebel Business Applications and users are notified to change their passwords.
Password expiration can be implemented in the following authentication strategies:
Security adapter authentication: LDAP or applicable custom security adapter
Database authentication where supported by the RDBMS
If you are using an LDAP security adapter, then password expiration is handled by the external LDAP directory, and is subject to the configuration of this behavior for the third-party directory product.
For example, when a password is about to expire, the directory might provide warning messages to the Siebel application to display when the user logs in. Such a warning would indicate the user's password is about to expire and must be changed. If the user ignores such warnings and allows the password to expire, then the user might be required to change the password before logging into the application. Or, the user might be locked out of the application once the password has expired.
Password expiration configuration steps for each directory vendor will vary. For more information, see the documentation provided with your directory product.
Note: Confirm all third-party directory product behavior and configuration with your third-party documentation. |