Password Options - Non LDAP

There are three options for creating passwords for new users and/or users that request a password reset. These configuration options are set in Xadmin Settings. See System Management, Oracle Retail Xstore Office Configuration for more information about setting up password options.

  • Manual Setup - Using this option, the administrator creates each password and then communicates it to the user. When creating a new user, the Password text box must be populated with a password that meets the standards set by other Oracle Retail Xstore Office password configurations defined in Xadmin Settings, User Accounts section.

  • Static Passwords - Using this option, the administrator first sets up a static (universal) password within Oracle Retail Xstore Office Settings for all new users, for example A@23456. This static password will be temporarily used by new Oracle Retail Xstore Office users, and users that have requested a password reset. A Password text box is not needed on the Edit User page since a static password is used for all new users. The Oracle Retail Xstore Office user will be prompted to change this password the first time he/she logs into the system.

  • Auto-generated Password Via Algorithm - Using this option, the password is created automatically for the user based on a predetermined algorithm. The algorithm contains aspects of the user profile that can be communicated easily. The algorithm currently used is as follows:

    • The first letter of the user's first name (upper case).

    • The first letter of the user's last name (lower case).

    • The @ symbol.

    • The month and year in which the user record is created (when the password is requested) in MMYYYY format.

The Oracle Retail Xstore Office user will be prompted to change this password the first time he/she logs into the system.

Passwords: Special Characters & Rules

Table 2-1 Valid Password Special Characters

Character Description

!

exclamation mark

#

pound or number sign

$

dollar

%

percent

&

ampersand

(

open parenthesis

)

close parenthesis

*

asterisk

-

minus or hyphen

=

equal

?

question mark

@

at

[

open bracket

]

close bracket

ˆ

carat

_

underscore

{

open brace

}

close brace

|

pipe or bar

~

tilde

+

plus

Table 2-2 Invalid Password Special Characters

Character Description

'

apostrophe or single quote

`

back quote

\

back slash

:

colon

,

comma

>

greater than

.

period

"

quote

;

semi-colon

/

slash or forward slash

Password & User ID Configuration

Password & User ID settings are configured in System - Xadmin Settings - User Account category. These settings include the following:

Method of Creating Password for New Users - The method used to create the password for newly added users. See Password Options - Non LDAP for more information about the three options available.

Number of Capital Letters Required for a Password - The minimum number of capital letters that should appear in a password. The minimum number is zero (0).

Number of Changes Before a Password Can Be Reused - The number of password resets within which associates are not allowed to reuse the same password. For example, setting the value to 12 ensures a user's new password cannot match any of his/her 12 previous passwords. A setting of zero (0) means that the same password can always be reused.

Number of Consecutive Characters Allowed in a Password - The maximum number of times that any given symbol or character can repeat consecutively within the password string. The minimum number is one (1).

Number of Login Attempts Before Account Is Locked - The number of times an invalid password can be entered before the account is locked. The minimum number is one (1).

Number of Numbers Required for a Password - The minimum number of digits that should appear in a password (accepted values = 0-9). The minimum number is zero (0).

Number of Special Characters Required for a Password - The minimum number of special characters that should appear in a password. The minimum number allowed is zero (0). See Passwords: Special Characters & Rules for a list of valid special characters.

Password Expiration Days - The number of days that a password can be used before it expires. If a user successfully logs into Oracle Retail Xstore Office (enters valid user name and password), but the password is older than the configured number of days, the user will be rerouted to the Change Password screen and will not be able to access the system until the password has been successfully changed.

Password Length - The minimum length of a password. If a value of 1 is set, passwords have no minimum length, but cannot be empty/blank.

User ID Length - The minimum number of characters that must be used in order for a user ID to be valid.

See System Management for more information about the password configuration options.

Additional Password Requirements

  • A user's password cannot be the same as his/her user ID.

  • Passwords cannot contain null or whitespace characters (space, tab, carriage return, \0, for example). Note that leading or trailing null and whitespace characters are silently trimmed by the UI automatically.

Resetting a User's Password

Use the Reset Password function to manually reset user passwords when needed. This option is available with Static and Algorithm password generation methods only.

Note:

If Oracle Retail Xstore Office is configured for Manual password generation, simply change the password in the Password field on the Edit User page:

  • If you reset your own password, it will not be marked as temporary in Oracle Retail Xstore Office.

  • If you (the administrator) manually reset another user's password, it will be marked as temporary in Oracle Retail Xstore Office and the user must change it during the next login.

  1. From the Oracle Retail Xstore Office menu, select System - Xadmin Users, or click the Xadmin Users link in the System panel.

  2. At the Xadmin Users page, click Users and Security Access.

  3. At the Users and Security Access page, select a user account from the list.

  4. Click the Reset Password link.

  5. When prompted, verify the user account and email address are correct, then click Yes to continue.

    Note:

    If the user does not have an email address on record, you will be prompted whether or not to continue. Click No to return to the Edit User page and enter an email address, or click Yes to continue without generating an email for the user.

  6. The password is reset based on the configured password method, either the static (universal) password or the algorithm password.An email is generated and sent to the Oracle Retail Xstore Office user with the details.