Password policy settings

Answered

Comments

4 comments

  • Avatar
    Soren Staun

    Hey Karl!

    If you go to Manage Repository -> "Audit and Security Settings" (as administrator, otherwise you don't see the tabs), you'll get options to set minimum (and max) password length, also the option to enforce a certain password completely that lives up to modern standards.

    This might be a bit annoying from a MooD BA perspective? But fear not, goto the preview tab "Authentication" and set "Verify Credentials with" -> "Windows Authentication (recommended) which will give you single sign on for your MooD BA users.

    Only issue is that merging via MooD integrator is not supported with this method yet, but you'll have to punch or copy in your password.

    Could that work? This would allow easy access to MBA, but strong passwords from a web frontend? (Internet?)

     

    0
    Comment actions Permalink
  • Avatar
    Karl Hertz

    Hi Sören,

    Thanks! The issue was (I assume) that I didn't log in via the Administrator account, but rather with an account in the administrator group. I'll check it out.

    Sounds like it does everything we'd like it to do except for variable password policy, based on user groups (e.g. allowing for some "free to access" demo accounts with no password all the way up to very stringent security settings for admin rights).

    Thanks!

    -kHz

    0
    Comment actions Permalink
  • Avatar
    Giles Middleton

    Thank you @Soren for helping Karl out there. Great community spirit!

     

    Karl, for now, you can use the Anonymous account - and assign permissions to hierarchies appropriately. I know that's not a great solution for allowing you to separate users and actually track their movements. 

    If the Anonymous user isn't what you're after, then I think your safest option would be a parallel demo web site, where password policy was non-existent, users could easily log in as each other and destroy each other's work. As, with no password, i could easily log in as someone else!

     

     

    0
    Comment actions Permalink
  • Avatar
    Soren Staun

    @karl I did report that "feature" that only Administrator could see those tabs "somewhere" (??), but it's a been busy bug-reporting week this one. It still seems peculiar to me that member of the "Administrators" group cannot see this tabs.

    2
    Comment actions Permalink

Please sign in to leave a comment.