Password policy settings
As a solution developer
I want to be able to control password settings for user passwords
So That I can make sure passwords are up to security standards
Benefits: MooD can more easily be accepted as (for instance) an external portal.
Acceptance Criteria
- Password settings with the ability to control (at a minimum) password lengths.
- Ability to differentiate between MAE only users and MBA users and set up "web only" accounts and "client only" accounts.
- "Nice to have": Ability to control password strength requirement based on user groups.
Customer / Originator Me
Priority Mid/High
-
Hey Karl!
If you go to Manage Repository -> "Audit and Security Settings" (as administrator, otherwise you don't see the tabs), you'll get options to set minimum (and max) password length, also the option to enforce a certain password completely that lives up to modern standards.
This might be a bit annoying from a MooD BA perspective? But fear not, go to the preview tab "Authentication" and set "Verify Credentials with" -> "Windows Authentication (recommended)", which will give you single sign on for your MooD BA users.
Only issue is that merging via MooD integrator is not supported with this method yet, but you'll have to punch or copy in your password.
Could that work? This would allow easy access to MBA, but strong passwords from a web frontend? (Internet?)
-
Hi Sören,
Thanks! The issue was (I assume) that I didn't log in via the Administrator account, but rather with an account in the administrator group. I'll check it out.
Sounds like it does everything we'd like it to do except for variable password policy, based on user groups (e.g. allowing for some "free to access" demo accounts with no password all the way up to very stringent security settings for admin rights).
Thanks!
-kHz
-
Thank you @Soren for helping Karl out there. Great community spirit!
Karl, for now, you can use the Anonymous account - and assign permissions to hierarchies appropriately. I know that's not a great solution for allowing you to separate users and actually track their movements.
If the Anonymous user isn't what you're after, then I think your safest option would be a parallel demo web site, where password policy was non-existent, users could easily log in as each other and destroy each other's work. As, with no password, I could easily log in as someone else!