Password Policy

Birst enforces policies on user passwords. Account Administrators can modify the password policy settings.

The password policy affects only those users who authenticate directly to Birst. Users authenticating via SAML or OpenID single sign-on are not affected by the password policy.

Use the following administrative commands when working with user password policies:

  • getpasswordpolicy: returns the password policy for the account. The AccountID is required for Appliance installations.
  • setpasswordpolicy: sets the password policy for the account.
  • testpassword: tests a password against the account password policy.

See the following examples and also Administrative Commands.

Default Policy

The default password policy specifies that:

  • Passwords must be at least 6 characters, contain upper and lower case characters, contain at least 1 numeric character, and must not be the username.
  • Passwords cannot contain sequences, for example, "abcdefg", "12345678", or the QWERTY keyboard sequence "asdfgh".
  • Passwords cannot contain repeated characters (for example, "AAAAAA" or "333333").
  • Passwords cannot be commonly-used passwords (for example, "password" or "password123").

Account Administrators can change parts of the password policy for users. The following aspects of authentication can be controlled using the setpasswordpolicy command:

  • password complexity
  • password expiration
  • password history
  • change on first login
  • failure lockout
  • password hashing algorithm

Tips:

  • IP restrictions can also be set using IP address restriction commands. See Administrative Commands.
  • Sequences, repetitions, and commonly-used passwords policy items cannot be changed at this level. Contact your Infor representative for details.
  • It is a best practice to require password resets every 6 months or so, and to disallow the 10 previously used passwords.

To change the password policy for Birst users

  1. For Appliance only: Obtain the Account ID by querying the Admin database.
    Select [ACCOUNTID] From [BirstAdmin].[dbo].[ACCOUNTS]

  2. Use the getpasswordpolicy command to review the current policy for your account. Go to Admin - Manage Space - Command Window and enter the getpasswordpolicy command.

    For Cloud: Cloud accounts do not need to include an Account ID.
    getpasswordpolicy

    For Appliance, include the Account ID:
    getpasswordpolicy 29999146-9999-43E7-B014-04C9999B0199

  3. Review the existing policy and determine what changes to make. See setpasswordpolicy command for a description of the parameters.

  4. Use the setpasswordpolicy command to change the policy.
    setpasswordpolicy "policy_options" "description" "{regular_expression}" {accountID}

    Example for Cloud:
    setPasswordPolicy "minlength=8,containsnumeric=false,containsspecial=true" "Passwords must be 8 characters in length and contain at least one special character" ""

    Example for Appliance:
    setpasswordpolicy "minlength=8,containsnumeric=false,containsspecial=true" "Passwords must be 8 characters in length and contain at least one special character" "" 29999146-9999-43E7-B014-04C9999B0199

  5. Once you have set the policy, test it using the testpassword command.
    testpassword password user_name {accountID}

    Example for Cloud:
    testpassword Abk*ppdq user1@company.com

    Example for Appliance:
    testpassword Abk*ppdq user1@company.com 29999146-9999-43E7-B014-04C9999B0199
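The following is an added example, not Birst code: a local Python approximation of the policy described on this page, useful for screening candidate passwords or a planned policy_options string before running testpassword. It parses only the three option keys shown above (minlength, containsnumeric, containsspecial); treating the mixed-case rule as always on, the run length of 4, the keyboard rows, and the common-password list are assumptions, and testpassword remains the authoritative check.

```python
import re

# Rules the page says administrators cannot change at the account level.
# The list contents and the run length of 4 are assumptions for illustration.
COMMON = {"password", "password123"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN = 4

# Defaults stated on the page: 6 characters, one numeric, no special required.
DEFAULTS = {"minlength": "6", "containsnumeric": "true", "containsspecial": "false"}


def parse_options(policy_options):
    """Parse a 'key=value,key=value' policy_options string over the defaults."""
    opts = dict(DEFAULTS)
    for item in filter(None, policy_options.split(",")):
        key, _, value = item.partition("=")
        opts[key.strip().lower()] = value.strip().lower()
    return opts


def has_sequence(pw):
    """True if pw contains RUN consecutive characters of any known sequence."""
    low = pw.lower()
    return any(seq[i:i + RUN] in low
               for seq in SEQUENCES for i in range(len(seq) - RUN + 1))


def check_password(pw, username, policy_options=""):
    """Return the list of rule names the password violates (empty = accepted)."""
    opts = parse_options(policy_options)
    failed = []
    if len(pw) < int(opts["minlength"]):
        failed.append("minlength")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        failed.append("mixedcase")  # assumed to be always enforced
    if opts["containsnumeric"] == "true" and not re.search(r"\d", pw):
        failed.append("containsnumeric")
    if opts["containsspecial"] == "true" and not re.search(r"[^A-Za-z0-9]", pw):
        failed.append("containsspecial")
    if pw.lower() == username.lower():
        failed.append("username")
    if has_sequence(pw):
        failed.append("sequence")
    if re.search(r"(.)\1{%d}" % (RUN - 1), pw):
        failed.append("repetition")
    if pw.lower() in COMMON:
        failed.append("common")
    return failed
```

The page's own test password, Abk*ppdq, passes under the example policy from step 4 but fails the default policy because it has no numeric character.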

See Also
Administrative Commands
Using the Command Window