Question

Questions about password management in IFS Cloud.

  • 12 February 2024
  • 3 replies


Hi,

The customer uses IFS IAM to connect to his application.
He would like to know the answers to the following questions:
- Is it possible to define a frequency at which users must change their password?
- Is it possible to check that the new password is not the same as the previous ones when it’s changed?
- What is the default number of times the user can try to connect before the account is locked?

Is it possible to change the default values of these parameters through the application, or is it something that has to be done by the cloud team?

These questions are important for the customer, as they concern the security of his solution.


Thank you
Fabrice


3 replies


@Fabrice I’m fairly certain that there are no settings for password change frequency or to block users from using the same password again. The only password complexity rules you can control are in https://docs.ifs.com/techdocs/23r2/030_administration/010_security/040_iam_settings/070_password_policies/#password_policies

At what point a user gets locked I unfortunately can’t answer.

But long story short: IFS strongly recommends - and somewhat expects - that you use an external IDP (like Azure AD). From past conversations, adding the functionalities you are asking for is not a priority - due to that expectation.

What is the reason that the customer uses IFS IAM and not an external IDP?


Hi Jonas,

I told them they had to use an external IDP if they want to use an advanced setup like double authentication. But it seems for the moment they don’t want to use this type of external solution.

So I can tell them that the first two points are not managed by IFS IAM.

For the last question I tested it manually and it seems the account is locked after 5 bad attempts.

Thank you,

Fabrice


Hi @Fabrice

- Is it possible to define a frequency at which users must change their password?

The possibility exists in the Oracle profile which every Oracle user is created upon. But this no longer affects IFS users in IFS Cloud, except the ones in the database like ifsapp and others.

- Possibility to control that the new password is not the same as the previous ones when it’s changed

There was the possibility to make use of an Oracle script or an own procedure to check the passwords upon creation, including some specific features like the ones you mentioned.

There are further requests to enhance the existing password policies Jonas mentioned earlier.

But those are not in place right now. Not even sure if this is already posted somewhere.

- What is the default number of times the user can try to connect before the account is locked

There are no settings regarding this by now, as it is the same as #1. Normally in an Oracle profile, but not available in IFS Cloud.

There are possibilities behind IFS IAM which are not yet implemented or blocked off. The result is the current setup of the password policies.

Regards,
TT
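
The Oracle profile limits mentioned in the reply above can be inspected read-only for the accounts that still live in the database, such as ifsapp. This query is an added example, not part of the original thread and not IFS tooling; it assumes direct SQL access with SELECT on DBA_USERS and DBA_PROFILES (Oracle 12c or later), and the mapping of the three questions to these profile parameters is this example's own.

```sql
-- Added example: read-only audit of Oracle profile password limits
-- for database accounts. Nothing is changed by this query.
--
-- Mapping assumed here (not stated in the thread):
--   change frequency -> PASSWORD_LIFE_TIME (days)
--   password reuse   -> PASSWORD_REUSE_MAX, PASSWORD_REUSE_TIME,
--                       PASSWORD_VERIFY_FUNCTION (custom check procedure)
--   lockout          -> FAILED_LOGIN_ATTEMPTS
--
-- A limit stored as 'DEFAULT' in a profile is inherited from the profile
-- named DEFAULT, so it is resolved to the value that actually applies.
SELECT u.username,
       u.account_status,
       u.profile,
       p.resource_name,
       CASE
         WHEN p.limit = 'DEFAULT' THEN d.limit
         ELSE p.limit
       END AS effective_limit
FROM   dba_users u
JOIN   dba_profiles p
       ON p.profile = u.profile
LEFT JOIN dba_profiles d
       ON d.profile = 'DEFAULT'
      AND d.resource_name = p.resource_name
WHERE  p.resource_type = 'PASSWORD'
AND    p.resource_name IN ('PASSWORD_LIFE_TIME',
                           'PASSWORD_REUSE_MAX',
                           'PASSWORD_REUSE_TIME',
                           'FAILED_LOGIN_ATTEMPTS',
                           'PASSWORD_VERIFY_FUNCTION')
AND    u.oracle_maintained = 'N'   -- skip Oracle-supplied accounts; keeps ifsapp and similar
ORDER  BY u.username, p.resource_name;
```

An effective limit of UNLIMITED for PASSWORD_LIFE_TIME or FAILED_LOGIN_ATTEMPTS, or NULL for PASSWORD_VERIFY_FUNCTION, means that control is not enforced for that database account.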
