Access to the Token Proxy Configuration Web Portal is secured through form-based authentication. A user must have a valid username and password to access the Portal.
Users are not allowed to create accounts by themselves. Instead, the Web Portal administrator is responsible for creating the accounts and assigning the appropriate permissions to them. By default, user accounts are created without a predefined password, and users are asked to create a password when logging in for the first time.
The Token Proxy Configuration Portal uses role-based authorization to control access to the different areas of the web portal. A role is a named collection of privileges that can be assigned to users.
Create or maintain users
Create or modify any client
Maintain the card type translation
View or maintain the audit logs
A client user can only log in and manage existing clients that they are specifically assigned to by a system administrator user. The client user role cannot create or view the details of other clients.
You must use an email address as the user ID for the Token Proxy Exchange Service web portal.
Create passwords using a reset password link containing a unique random token sent by email.
The database stores passwords in a salted hash format. The hash algorithm is SHA256.
All password values are validated to ensure they meet the required minimum complexity.
The system administrator and the client user roles are created during the installation.
Configurable password expiration (default value: 90 days).
Configurable account locking mechanism based on failed login attempts (default: 3 failed attempts, default lock time: 240 minutes).
Configurable Password History validation (users will not be able to repeat passwords used in the past, default: last 4 passwords).
One-time-token-based reset password mechanism with configurable token expiration time.
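The following added example (not code from the product or its vendor) models how the default lockout, expiration and password history settings listed above interact, which is useful when writing test cases for an account-policy review. The Account class, the salt || password hash layout and the choice to count the current password as one of the last 4 are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import timedelta

# Defaults quoted from the page; all are configurable in the product.
MAX_FAILED, LOCK_MINUTES, EXPIRY_DAYS, HISTORY_DEPTH = 3, 240, 90, 4

def hash_password(password, salt=None):
    """Return (salt, digest). Assumed layout: SHA-256 over salt || password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.sha256(salt + password.encode("utf-8")).digest()

class Account:  # hypothetical model, not the portal's schema
    def __init__(self, password, now):
        self.history = [hash_password(password)]  # newest entry first
        self.changed_at = now
        self.failed = 0
        self.locked_until = None

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def login(self, password, now):
        if self.locked_until and now < self.locked_until:
            return "locked"  # even a correct password is refused while locked
        if self.locked_until:  # lock time has elapsed
            self.locked_until, self.failed = None, 0
        if not self._matches(password, self.history[0]):
            self.failed += 1
            if self.failed >= MAX_FAILED:
                self.locked_until = now + timedelta(minutes=LOCK_MINUTES)
            return "denied"
        self.failed = 0
        if now - self.changed_at > timedelta(days=EXPIRY_DAYS):
            return "expired"  # credentials valid, password change required
        return "ok"

    def change_password(self, new_password, now):
        # Every stored entry has its own salt, so the candidate must be
        # re-hashed once per history entry; digests cannot be compared directly.
        if any(self._matches(new_password, e) for e in self.history[:HISTORY_DEPTH]):
            return False
        self.history = [hash_password(new_password)] + self.history[:HISTORY_DEPTH - 1]
        self.changed_at = now
        return True
```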