Security
The User Management Interface software uses Transport Layer Security (TLS) to provide message encryption and tamper protection of web service calls. Authentication is performed by including a user name and password in the SOAP header. For more information, see Writing requests. The specified credentials must match an InForm integration user that has been defined in advance in each deployed study.
The integration user:
- Is an InForm user whose credentials are included in each request.
- Is created in the InForm application and assigned a password.
- Should not be assigned to any sites or groups.
The credentials for the integration user:
- Are validated against the InForm database. The request is rejected when invalid credentials are provided.
- Are subject to the same password policies (for example, length, account disable, and so on) as InForm end-user accounts, with the exception of password expiration.
- Can be renewed programmatically through the User Management Interface software while still valid.
The User Management Interface software ignores expired account status for valid passwords on active accounts. This behavior minimizes operational overhead that is associated with maintaining individual password expiration windows for the integration user account in each study. As a result, password expiration policy must be implemented through a business operating procedure.
If an invalid password for the integration account is repeatedly entered, the account is deactivated and subsequent calls to the API are rejected. To reactivate the account, the administrator must use the InForm user interface.
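The following is an added example, not part of the InForm documentation or product code. Because the interface does not enforce password expiration for the integration user and deactivates the account after repeated invalid passwords, it sketches a client-side check that tracks password age per study and stops sending after a rejected credential. The 90-day maximum age, the 14-day warning window, the study names and dates, and the `send` callable are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)      # assumed procedure value, not an InForm setting
WARN_WINDOW = timedelta(days=14)  # assumed lead time for scheduling a renewal

@dataclass
class IntegrationCredential:
    study: str
    last_changed: date  # date the integration user's password was last renewed

def rotation_status(cred, today):
    """Classify password age as 'overdue', 'due_soon' or 'ok'."""
    age = today - cred.last_changed
    if age >= MAX_AGE:
        return "overdue"
    if age >= MAX_AGE - WARN_WINDOW:
        return "due_soon"
    return "ok"

def renewal_queue(creds, today):
    """Studies needing renewal, oldest password first."""
    due = [c for c in creds if rotation_status(c, today) != "ok"]
    due.sort(key=lambda c: c.last_changed)
    return [(c.study, rotation_status(c, today)) for c in due]

class AuthCircuitBreaker:
    """Stop sending after `limit` consecutive credential rejections, so a
    stale stored password is not retried until the account is deactivated."""
    def __init__(self, limit=1):
        self.limit = limit
        self.failures = 0

    def call(self, send):
        # `send` is a hypothetical callable: True if the request was accepted,
        # False if it was rejected for invalid credentials.
        if self.failures >= self.limit:
            raise RuntimeError("credential suspended locally; verify before retrying")
        accepted = send()
        self.failures = 0 if accepted else self.failures + 1
        return accepted

# Constructed sample inventory and reference date.
TODAY = date(2024, 6, 1)
SAMPLE_INVENTORY = [
    IntegrationCredential("STUDY_C", date(2024, 5, 20)),
    IntegrationCredential("STUDY_A", date(2024, 1, 15)),
    IntegrationCredential("STUDY_B", date(2024, 3, 10)),
]
```

Calling `renewal_queue(SAMPLE_INVENTORY, TODAY)` lists the studies whose integration password should be renewed through the interface while it is still valid.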