448 total views
In this article we will look at all possible ways of achieving a longer password expiry duration for Integration User Accounts which will be used to schedule Integrations/reports and automation using scripting/middleware.
We all should have experienced this issue in some or other project to have a longer expiry time for some accounts (Integration User, Admin, etc) as we don’t want to reset the password for some accounts which will have down stream impact of updating the password at multiple places especially if you are doing some automation.
If the password for these users expire and the middleware/scripts are not updated, it results in integrations to fail and have an adverse impact if those integrations are critical for payroll processing.
If you are using OIC/any middleware, then you need to update the adapters with the latest password, and doing it every 90 days doesn’t make sense at all. Hence we look for alternatives to have a greater expiry time for these accounts.
Therefore, it is desired that the password expiration dates for Integration User Accounts should be long enough so that the System Administrators would NOT need to update the passwords more often and the integration/ interfaces would function seamlessly.
Now, Let’s see how to achieve this longer password expiry.
NOTE: Kindly make sure that there is NO user provisioning either manual or bulk HDL loads being run when the Days Before Password Expiration is set to non-default value, as this will cause all the newly created user accounts to have a non-default expiry date. This is applicable for the two approaches listed below
Without creating Custom User Category
Navigate to Tools > Security Console > User Categories and click on User Category Name.
Click on the User Category “DEFAULT” and then click on the Password Policy
Set the Days Before Password Expiration to a high value like 9999 and Days Before Password Expiry Warning to 10.
Set the Days Before Password Expiration to 9999 and Click Save.
Now, search for the Integration User/Admin User to which longer password expiry should be set from Security Console
Click on Reset button and Reset the password for that account. Now after the password is reset, the expiration dates will be set as per the new setup that we implemented above.
Once the expiry date is set to longer date for this user, we need to revert back the password expiry days to 90 as we need exception only for this user and not for all users. Follow the above steps and set the expiry days to 90 again.
By Creating Custom User Category
We can create a new Custom User Category altogether and set the new password expiry days to 9999 using the same steps as above.
Once the new User category is added, we can update the User Category for the Integration User/Admin User on the Security Console.
After updating the User Category, we need to Reset the Password for the User in order to get the updated password expiry days to take into effect.
This approach will be useful when you have multiple users/foresee multiple users in the future too who might require longer expiry.
How Password Expiration and Password Warning dates Work:
Each user has a password expiration date and password warning date as direct attributes to each user.
The User Category and Password Policy setup affects each user’s password warning and password expiration date at two events:
1. User Creation (when initial password is set)
2. Password Reset (password expiration also initiates a password reset)
Note: When the user is created, as the user has password expiration and password warning date values set based on the DEFAULT User Category. Then, when user is moved to another User Category, please note there is no immediate impact to password expiration and password warning date values. It isn’t until this user’s password is reset that the new User Category Password Policy setup will take affect.
Hope this will be useful when you want an user to have longer expiry timeframe.
Latest posts by Sricharan Monigari (see all)
- Migration of Objects – Valuesets, Lookups, Fast Formula, Payroll Flows from one POD to another - November 30, 2020
- Renaming HCM Extracts is a possibility from 20D - November 24, 2020
- Sangam20 – Oracle Users Group Conference - November 23, 2020
- Passing Parameter values from Flow Instance to HDL Transformation Formula - November 23, 2020