Password Security Configuration
When you install Workflow, you are required to set up an Administrator user, and you have the option to configure user authentication settings. At any time after installation, you can use the Configure Security tool to change the Administrator user login credentials, enable GE Single Sign On (SSO), allow users to change their passwords, configure login limits, and configure password complexity.
Administrator User Configuration
The following table describes the information available for configuring the Administrator user credentials.
Property | Value | Description |
---|---|---|
Name | User-defined | Specifies the login name for the Administrator user. The default is Admin. |
Password | User-defined | Specifies a unique password for the Administrator user. |
Confirm Password | User-defined | Specifies the same unique password that you entered in the Password field. |
GE Single Sign On (SSO)
When GE Single Sign On is used, this option becomes available on the login dialog box.
The following table describes the information available for enabling the use of GE Single Sign On logins.
Property | Value | Description |
---|---|---|
Use SSO | N/A | Indicates whether Workflow uses GE Single Sign On for login purposes. For an upgrade installation, you must use the Configure Security tool to enable the GE Single Sign On option on the login dialog box. |
Production Identity Provider | User-defined | Indicates that you require greater restrictions and security for your environment. This option is recommended for both production and non-production environments. During a new installation or an upgrade, when you select the Use SSO (Single Sign On) check box, the Production Identity Provider option is selected by default. |
Non-Production Identity Provider | User-defined | Indicates that you do not require greater restrictions and security for your environment. This option can be used for non-production environments, such as test environments. |
Workflow User Password Change
The following table describes the information available for enabling the ability to change passwords.
Property | Value | Description |
---|---|---|
Allow Password Change | N/A | Indicates whether Workflow users can change their passwords when they log in to Workflow. For an upgrade installation, you must use the Configure Security tool to enable the change password link on the login dialog box. |
Account Lockout Settings
If a user exceeds the defined login limit, his account is locked out and he must either wait for the lockout duration to pass or ask an Administrator user to reactivate his account.
The following table describes the information available to configure Workflow user login limits.
Attribute | Value | Description |
---|---|---|
Enforce User Lockout | User-defined | Select this check box to indicate that account lockout rules are being used. This check box is selected by default during a full installation and during an upgrade installation. For an upgrade installation, you must use the Configure Security tool to disable account lockout settings. |
Lockout threshold | User-defined | Specifies the number of consecutive failed login attempts that can be made before a Workflow user account is locked out of Workflow. Valid values are 1 through 100. The default lockout threshold is 5. |
Lockout duration | User-defined | Specifies the number of minutes that a Workflow user account is locked out of Workflow when it fails to successfully log in the defined number of times. Valid values are 0 through 10,000. A value of 0 indicates that an account is locked out indefinitely and must be reactivated by an Administrator user. The default lockout duration is 30 minutes. |
Lockout timeframe | User-defined | Specifies the number of minutes after the last failed login attempt occurs before the failed login count is reset and the user can attempt to log in again. A successful login after this duration has passed resets the window to this value. Valid values are 1 through 10,000. The default window size is 30 minutes. |
Example
If you define a lockout threshold of 5, a lockout duration of 60 minutes, and a lockout timeframe (observation window) of 30 minutes, then a user who attempts to log in and fails five times within 30 minutes is locked out for 60 minutes. All login attempts for that account are rejected until the 60 minutes are up or an Administrator user unlocks the account.
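The following Python model is an added illustration of how the three lockout settings interact; it is not Workflow code. The class and function names are hypothetical, time is counted in whole minutes, and it assumes the failure count resets once more than the lockout timeframe has passed since the last failed attempt.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    threshold: int = 5    # consecutive failed logins before lockout (1-100)
    duration: int = 30    # minutes locked out; 0 = until an administrator unlocks
    timeframe: int = 30   # minutes after the last failure before the count resets

    def __post_init__(self):
        # Valid ranges as given in the table above.
        if not 1 <= self.threshold <= 100:
            raise ValueError("threshold must be 1 through 100")
        if not 0 <= self.duration <= 10_000:
            raise ValueError("duration must be 0 through 10,000")
        if not 1 <= self.timeframe <= 10_000:
            raise ValueError("timeframe must be 1 through 10,000")

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.unlock()

    def unlock(self):
        """Clear lockout state (administrator reactivation or expired lockout)."""
        self.failures, self.last_failure, self.locked_at = 0, None, None

    def attempt(self, now, password_ok):
        """Process a login at minute `now`; return ok, failed, locked or rejected."""
        p = self.policy
        if self.locked_at is not None:
            if p.duration == 0 or now - self.locked_at < p.duration:
                return "rejected"      # even a correct password is refused
            self.unlock()              # lockout duration has passed
        if password_ok:
            self.failures, self.last_failure = 0, None
            return "ok"
        if self.last_failure is not None and now - self.last_failure > p.timeframe:
            self.failures = 0          # assumption: a quiet period resets the count
        self.failures += 1
        self.last_failure = now
        if self.failures >= p.threshold:
            self.locked_at = now
            return "locked"
        return "failed"

def replay(policy, events):
    """Run constructed (minute, password_ok) events against a fresh account."""
    account = Account(policy)
    return [account.attempt(minute, ok) for minute, ok in events]
```

Replaying five failures at minutes 0, 5, 10, 15 and 20 with the settings from the example locks the account on the fifth attempt, and a correct password at minute 50 is still rejected.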
Password Complexity Rules
Password rules are enforced on new passwords and when a user's password is changed, and each rule is enforced separately. The values for each rule can range from 0 (disabled) to 100.
The following table describes the information available for configuring password complexity.
Rule | Value | Description |
---|---|---|
Enforce Password Complex Rules | N/A | Select this check box to indicate that password complexity rules are being used. This check box is selected by default during a full installation. For an upgrade installation, you must use the Configure Security tool to enable password complexity rules. |
Simple | N/A | Select this option to indicate that user passwords must contain at least six characters of any type. |
Normal | N/A | Select this option to indicate that user passwords must contain at least six characters and those characters must be composed of at least two digits (0-9) and three letters (a-z and/or A-Z). |
Advanced | N/A | Select this option to configure complex password rules. Each rule is enforced separately. Valid values range from 0 (disabled) through 100. |
Advanced: Minimum length of password | User-defined | The minimum number of characters of any type that a user's password can contain. |
Advanced: Minimum number of alphanumeric characters | User-defined | The minimum number of alphanumeric characters a user's password can contain. Valid values are: |
Advanced: Minimum number of numeric characters | User-defined | The minimum number of numeric characters a user's password can contain. Valid values are 0–9. |
Advanced: Minimum number of alphabet characters | User-defined | The minimum number of alphabet characters a user's password can contain. Valid values are: |
Advanced: Minimum number of lowercase characters | User-defined | The minimum number of lowercase alphabetical characters a user's password can contain. Valid values are a–z. |
Advanced: Minimum number of uppercase characters | User-defined | The minimum number of uppercase alphabetical characters a user's password can contain. Valid values are A–Z. |
Advanced: Minimum number of non-alphanumeric characters | User-defined | The minimum number of non-alphanumeric characters a user's password can contain. Non-alphanumeric characters include special characters, such as #, %, @, and _. |
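The following Python sketch is an added illustration of the Simple, Normal, and Advanced rule levels described above; it is not Workflow code. The rule names and the `violations` function are hypothetical, and character classes are assumed to be ASCII only (a-z, A-Z, 0-9), with every other character counted as non-alphanumeric.

```python
import string

ALNUM = string.ascii_letters + string.digits

# One counting predicate per rule; each rule is evaluated separately.
CLASSES = {
    "length": lambda c: True,
    "alphanumeric": lambda c: c in ALNUM,
    "numeric": lambda c: c in string.digits,
    "alphabet": lambda c: c in string.ascii_letters,
    "lowercase": lambda c: c in string.ascii_lowercase,
    "uppercase": lambda c: c in string.ascii_uppercase,
    "non_alphanumeric": lambda c: c not in ALNUM,
}

# The two preset levels, expressed with the same per-rule minimums.
SIMPLE = {"length": 6}
NORMAL = {"length": 6, "numeric": 2, "alphabet": 3}

def violations(password, rules):
    """Return the names of the rules that the password does not satisfy."""
    failed = []
    for name, minimum in rules.items():
        if name not in CLASSES:
            raise KeyError(f"unknown rule: {name}")
        if not 0 <= minimum <= 100:
            raise ValueError(f"{name}: value must be 0 through 100")
        if minimum == 0:
            continue  # a value of 0 disables the rule
        count = sum(1 for c in password if CLASSES[name](c))
        if count < minimum:
            failed.append(name)
    return failed

# Constructed Advanced policy for demonstration only.
ADVANCED_SAMPLE = {"length": 10, "uppercase": 1, "numeric": 0, "non_alphanumeric": 2}
```

Because each rule is checked on its own, a password can meet the minimum length and still be rejected for a single character class, which is why the function reports every failed rule rather than stopping at the first.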