1. Security Guide
  2. Authentication Policy

Authentication Policy

The Oracle Warehouse Management Service provides the ability to setup different expiration dates for different users by enforcing password life in days. A few of these Account Policy settings are only checked and enforced during an interactive end user login or during web services http Basic Authentication user login. Some of the others Account Policy settings are checked when the user themselves is conducting an Oracle Warehouse Management service password change, or during an administration user maintenance update though the UI.

Note: With Oracle Single Sign-on, most users do not use the password in Oracle Warehouse Management Cloud for authentication. The exception to this is Integration users that are local and built-in users.

Account Policies provide control over password definitions, password renewal rules and login behavior. Account policies allow you to configure the following password rules:

  • Password Rules: validation rules for password strength

  • User Password Expiration

  • Warning period for password expiration

  • Duplicate password prevention, including configurable number of historical passwords

User Level Account Policy

The Account Policies provide control over password definition, password renewal rules and login behavior. Account policies allow you to configure the following password rules:

  • Password cannot match username

  • Password must be at least 6 characters. The password character length can be overridden per company by an ADMIN

    role user.

  • Password must have a combination of alphabetic and numeric characters.

  • Password should not have too many repeated characters.

  • Password cannot be a reverse of the username.

  • Password cannot be a portion of the username.

  • Username cannot be a portion of the password.

  • Use a more complex rather than simple password. Examples of a simple password: using 123, 1234, abc, abcd, admin,

    logfire, or the word “password” as part of the password.)

  • Cannot repeat recently used password.

Company Level Account Policy

The company account policy helps manage when the customers password expires via Company level security settings. From Companies, ADMIN users can go to Company Security Configuration to adjust the values as needed. The values and their functionality are described below:

Company Security Configuration Fields:

Field Name

Functionality Description

Minimum Password Life in Days This field defines the user password life validity for minimum number of days in a year.
Maximum Password Life in Days

This field defines the user password life validity for maximum number of days in a year.

Minimum Password Length

his field defines minimum number of characters used in a user password.

Minimum failed login attempts

This field defines maximum number of logins attempts that weren’t successful before locking the account.

Password History Count

This field defines number of last reused passwords for changing/updating the password.