• Post category:Security
  • Post comments:0 Comments
  • Post last modified:August 26, 2020
  • Reading time:6 mins read
You are currently viewing Extend Password Expiration Date for Integration User Accounts
Extend Password Expiration Date for Integration User Accounts

In this article we will look at all possible ways of achieving a longer password expiry duration for Integration User Accounts which will be used to schedule Integrations/reports and automation using scripting/middleware.

We all should have experienced this issue in some or other project to have a longer expiry time for some accounts (Integration User, Admin, etc) as we don’t want to reset the password for some accounts which will have down stream impact of updating the password at multiple places especially if you are doing some automation.

If the password for these users expire and the middleware/scripts are not updated, it results in integrations to fail and have an adverse impact if those integrations are critical for payroll processing.

If you are using OIC/any middleware, then you need to update the adapters with the latest password, and doing it every 90 days doesn’t make sense at all. Hence we look for alternatives to have a greater expiry time for these accounts.

Therefore, it is desired that the password expiration dates for Integration User Accounts should be long enough so that the System Administrators would NOT need to update the passwords more often and the integration/ interfaces would function seamlessly.

Now, Let’s see how to achieve this longer password expiry.

NOTE: Kindly make sure that there is NO user provisioning either manual or bulk HDL loads being run when the Days Before Password Expiration is set to non-default value, as this will cause all the newly created user accounts to have a non-default expiry date. This is applicable for the two approaches listed below

Table of Contents

Without creating Custom User Category

Navigate to Tools > Security Console > User Categories and click on User Category Name.

image 26 - Extend Password Expiration Date for Integration User Accounts
User Categories

Click on the User Category “DEFAULT” and then click on the Password Policy

image 27 1024x257 - Extend Password Expiration Date for Integration User Accounts
Edit Password Policy

Set the Days Before Password Expiration to a high value like 9999 and Days Before Password Expiry Warning to 10.

image 28 - Extend Password Expiration Date for Integration User Accounts
Set Days before Pwd Expiration to 9999

Set the Days Before Password Expiration to 9999 and Click Save.

Now, search for the Integration User/Admin User to which longer password expiry should be set from Security Console

Click on Reset button and Reset the password for that account. Now after the password is reset, the expiration dates will be set as per the new setup that we implemented above.

Once the expiry date is set to longer date for this user, we need to revert back the password expiry days to 90 as we need exception only for this user and not for all users. Follow the above steps and set the expiry days to 90 again.

By Creating Custom User Category

We can create a new Custom User Category altogether and set the new password expiry days to 9999 using the same steps as above.

Once the new User category is added, we can update the User Category for the Integration User/Admin User on the Security Console.

After updating the User Category, we need to Reset the Password for the User in order to get the updated password expiry days to take into effect.

This approach will be useful when you have multiple users/foresee multiple users in the future too who might require longer expiry.

How Password Expiration and Password Warning dates Work:

Each user has a password expiration date and password warning date as direct attributes to each user.
The User Category and Password Policy setup affects each user’s password warning and password expiration date at two events:
1. User Creation (when initial password is set)
2. Password Reset (password expiration also initiates a password reset)

Note: When the user is created, as the user has password expiration and password warning date values set based on the DEFAULT User Category. Then, when user is moved to another User Category, please note there is no immediate impact to password expiration and password warning date values. It isn’t until this user’s password is reset that the new User Category Password Policy setup will take affect.

Hope this will be useful when you want an user to have longer expiry timeframe.