Managing Users
Access to the Token Proxy Configuration Web Portal is secured through form-based authentication. A user must have a valid username and password to access the Portal.
Users are not allowed to create accounts by themselves; instead, the Web Portal administrator is responsible for creating the accounts and assigning the appropriate permissions to them. By default, user accounts are created without a predefined password. Users are asked to create a password when logging in for the first time.
The Token Proxy Configuration Portal uses role-based authorization to control access to the different areas of the web portal. A role is a named collection of privileges that can be assigned to users.
- Create or maintain users
- Create or modify any client
- Maintain the card type translation
- View or maintain the audit logs
A client user can only log in and manage existing clients that they are specifically assigned to by a system administrator user. The client user role cannot create or view the details of other clients.
- You must use an email as the user ID for the Token Proxy Exchange Service web portal.
- Create passwords using a reset password link containing a unique random token sent by email.
- The database stores passwords as salted hashes. The hash algorithm is SHA256.
- All password values are validated to ensure they meet the required minimum complexity.
- The system administrator and the client user roles are created during the installation.
- Configurable password expiration (default value: 90 days).
- Configurable account locking mechanism based on failed login attempts (default: 3 failed attempts, default lock time: 240 minutes).
- Configurable password history validation (users will not be able to repeat passwords used in the past, default: last 4 passwords).
- One-time-token-based reset password mechanism with configurable token expiration time.
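The following added example (not the product's code) shows how the documented defaults for lockout, expiration and password history interact when passwords are stored as salted SHA256 hashes. The `Account` class, the salt size, the salt-then-password hash layout, counting the current password as part of the history, and the returned status strings are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import timedelta

# Defaults taken from the list above.
MAX_FAILED, LOCK_MINUTES, HISTORY_DEPTH, EXPIRY_DAYS = 3, 240, 4, 90

def salted_sha256(password, salt):
    # Assumed layout: SHA256(salt || password); the page names only the algorithm.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

class Account:
    def __init__(self, password, now):
        self.history = []  # newest first, (salt, digest) pairs; [0] is current
        self.failed, self.locked_until = 0, None
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)  # fresh salt per stored password (assumed size)
        self.history.insert(0, (salt, salted_sha256(password, salt)))
        del self.history[HISTORY_DEPTH:]  # keep only the last N passwords
        self.changed_at = now

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(salted_sha256(password, salt), digest)

    def change_password(self, new, now):
        # Every stored hash has its own salt, so digests cannot be compared
        # directly: the candidate is re-hashed with each historical salt.
        if any(self._matches(new, entry) for entry in self.history):
            return "rejected: reused"
        self._store(new, now)
        return "ok"

    def login(self, password, now):
        if self.locked_until and now < self.locked_until:
            return "locked"  # even a correct password is refused while locked
        if not self._matches(password, self.history[0]):
            self.failed += 1
            if self.failed >= MAX_FAILED:
                self.locked_until = now + timedelta(minutes=LOCK_MINUTES)
                self.failed = 0
            return "denied"
        self.failed, self.locked_until = 0, None
        if now - self.changed_at >= timedelta(days=EXPIRY_DAYS):
            return "expired"  # credentials valid, but a password change is due
        return "ok"
```
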