5 Managing Passwords and Login Names

Learn how to manage customer authentication, including login names, passwords, and security codes, in Oracle Communications Billing and Revenue Management (BRM).

Topics in this document:

• About Login Names and Passwords

• Using Security Questions

• Assigning Passwords Automatically

• Defining Email Login Names

• Detecting Duplicate Logins

About Login Names and Passwords

By default, all services require a login name and password. For services such as telephony where a customer does not use a login and password, logins and passwords can be generated automatically for internal use.

• By default, the login name can be a minimum of 1 character and a maximum of 255 characters.

• By default, the password must be a minimum of 1 character and a maximum of 255 characters.

• Login names are unique and can be assigned to only one account.

You can change the minimum and maximum login name and password lengths by using the Field Validation Editor. See "Specifying How to Validate Customer Contact Information".

All login names and passwords are associated with a service, such as the broadband service (/service/ip). Customer service representatives (CSRs) use a login name and password to log in to the admin_client service.

BRM uses two types of customer passwords:

• Customers use service passwords, such as the password that a customer provides when logging in to a broadband connection, to access a broadband service.

• Customers use account passwords for non-IP access, such as accessing a Web page.

By default, account passwords are stored in the database in an encrypted format; service passwords are not.

To customize password encryption, use the PCM_OP_CUST_POL_ENCRYPT_PASSWD, PCM_OP_CUST_POL_COMPARE_PASSWD, and PCM_OP_CUST_POL_DECRYPT_PASSWD opcodes. See "Creating Passwords" in BRM Opcode Guide.

For more information about encryption, see "About Encrypting Data" in BRM Developer's Guide.

About Telco Service Logins and Passwords

When you create an account that uses telco services, the customer ID and password are generated automatically. Therefore, a CSR does not need to enter an ID and password at account creation or when adding a telco service.

Note:

Internally, the customer ID is the same as the login name.

• To ensure that a unique ID is generated, the default ID is a unique string composed of the following elements:

  • A timestamp generated by the Connection Manager (CM) that was used for creating the account.

  • The process ID (PID) of the CM.

  • The thread ID of the CM (always 1).

  • The CM host name.

  For example:

  269-20011128-095216-7-22493-1-host_name

  When an ID is needed: for example, for Web-based account management: the customer enters their MSISDN or IMSI. Applications can retrieve the MSISDN or IMSI from the customer's service objects. (Customers can also enter the ID.)

  Note:

  When using an MSISDN or IMSI as a login, the customer must enter the full number with no punctuation, such as 014085551212.

  To customize how IDs are generated, you customize the PCM_OP_CUST_POL_PREP_LOGIN policy opcode.

• For security purposes, BRM generates a random eight-character password. You cannot change the password when a service is being added, but you can change it later.

  To customize how passwords are generated, you customize the PCM_OP_CUST_POL_PREP_PASSWD policy opcode.

Using Security Questions

You can specify two security questions for a customer. When a customer calls a CSR, the CSR asks the customer the security question, which is displayed in Customer Center or Billing Care.

Unlike service passwords, security codes are not validated by BRM; therefore, you cannot enforce properties such as the number of characters in a security code.

Assigning Passwords Automatically

You can set up account creation to do either of the following:

• Require the customer to specify a password. This is the default.

• Generate a password automatically for the customer.

To generate a password for the customer, you must supply the algorithm for generating passwords. To do so, customize the PCM_OP_CUST_POL_PREP_PASSWD policy opcode. See "Customizing Passwords" in BRM Opcode Guide.

Defining Email Login Names

Note:

Changing the customer's email login name also changes the customer's email address. Before changing a login name, make sure the customer wants to change the email address.

To change the requirements for email login names, use the PCM_OP_CUST_POL_PREP_LOGIN and PCM_OP_CUST_POL_VALID_LOGIN policy opcodes. See "Customizing Login Names" in BRM Opcode Guide.

The default email login requirements are:

• The email login must use all lowercase characters.

• The email login must include the domain, in this format:

  login@domain

  For example: francisco@example.com

Detecting Duplicate Logins

By default, BRM does not check for duplicate logins. This means that more than one customer can log in to a service by using the same name. To check for duplicate logins, use the PCM_OP_ACT_POL_SPEC_VERIFY policy opcode. See "Enabling Duplicate Session Checking" in BRM Opcode Guide.