Password Policy
Birst enforces policies on user passwords. Account Administrators can modify the password policy settings.
The password policy only affects those users who authenticate directly into Birst. Users authenticating via single sign-on (SAML or OpenID) are not affected by the password policy.
Use the following administrative commands when working with user password policies:
- getpasswordpolicy: returns the password policy for the account. The AccountID is required for Appliance installations.
- setpasswordpolicy: sets the password policy for the account.
- testpassword: tests a password against the account password policy.
See the following examples and also Administrative Commands.
Default Policy
The default password policy specifies that:
- Passwords must be at least 6 characters, contain upper and lower case characters, contain at least 1 numeric character, and must not be the username.
- Passwords cannot contain sequences, for example, "abcdefg", "12345678", or the qwerty keyboard sequence "asdfgh".
- Passwords cannot contain repeated characters (for example, "AAAAAA" or "333333").
- Passwords cannot be commonly-used passwords (for example, "password" or "password123").
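The default rules above, written out as a local pre-check (an added example, not Birst's code or part of the original page). The run length of 4 for sequences and repeats, the keyboard rows, and the two-entry common-password list are assumptions, because the page does not state the thresholds; the testpassword command remains the authoritative check.

```python
import re

# Assumptions (the page gives no thresholds): a sequence is RUN or more
# consecutive characters from one of ROWS, a repeat is RUN or more identical
# characters in a row, and COMMON is a constructed two-entry sample list.
RUN = 4
ROWS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")
COMMON = {"password", "password123"}


def has_sequence(pw, run=RUN):
    """True if any run-length window of pw lies inside an alphabet/digit/keyboard row."""
    low = pw.lower()
    return any(low[i:i + run] in row
               for i in range(len(low) - run + 1) for row in ROWS)


def has_repeat(pw, run=RUN):
    """True if one character occurs run or more times in a row (case-insensitive)."""
    return re.search(r"(.)\1{%d}" % (run - 1), pw, re.IGNORECASE) is not None


def check_default_policy(password, username):
    """Return the default-policy rules (as named on the page) that password breaks."""
    failures = []
    if len(password) < 6:
        failures.append("at least 6 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("upper and lower case")
    if not re.search(r"[0-9]", password):
        failures.append("numeric character")
    if password.lower() == username.lower():
        failures.append("not the username")
    if has_sequence(password):
        failures.append("no sequences")
    if has_repeat(password):
        failures.append("no repeated characters")
    if password.lower() in COMMON:
        failures.append("not commonly used")
    return failures


if __name__ == "__main__":
    # Constructed samples, plus the page's own test password Abk*ppdq.
    for pw in ("Abk*ppdq", "Password123", "Xy12345678", "asdfgh", "Tr7mq!vL2"):
        print(pw, "->", check_default_policy(pw, "user1@company.com") or "OK")
```

The page's sample password Abk*ppdq fails only the numeric rule here, which is why it suits the containsnumeric=false example policy further down but not the default policy.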
Account Administrators can change parts of the password policy for users. The following aspects of authentication can be controlled using the setpasswordpolicy command:
- password complexity
- password expiration
- password history
- change on first login
- failure lockout
- password hashing algorithm
Tips:
- IP restrictions can also be set using IP address restriction commands. See Administrative Commands.
- Sequences, repetitions, and commonly-used passwords policy items cannot be changed at this level. Contact your Infor representative for details.
- It is a best practice to require password resets every 6 months or so, and to disallow the 10 previously used passwords.
To change the password policy for Birst users
- For Appliance only: Obtain the Account ID by querying the Admin database.
Select [ACCOUNTID] From [BirstAdmin].[dbo].[ACCOUNTS]
- Use the getpasswordpolicy command to review the current policy for your account. Go to Admin - Manage Space - Command Window and enter the getpasswordpolicy command.
For Cloud: Cloud accounts do not need to include an Account ID.
getpasswordpolicy
For Appliance, include the Account ID:
getpasswordpolicy 29999146-9999-43E7-B014-04C9999B0199
- Review the existing policy and determine what changes to make. See setpasswordpolicy command for a description of the parameters.
- Use the setpasswordpolicy command to change the policy.
setpasswordpolicy "policy_options" "description" "{regular_expression}" {accountID}
Example for Cloud:
setPasswordPolicy "minlength=8,containsnumeric=false,containsspecial=true" "Passwords must be 8 characters in length and contain at least one special character" ""
Example for Appliance:
setpasswordpolicy "minlength=8,containsnumeric=false,containsspecial=true" "Passwords must be 8 characters in length and contain at least one special character" "" 29999146-9999-43E7-B014-04C9999B0199
- Once you have set the policy, test it using the testPassword command.
testpassword password user_name {accountID}
Example for Cloud:
testpassword Abk*ppdq user1@company.com
Example for Appliance:
testpassword Abk*ppdq user1@company.com 29999146-9999-43E7-B014-04C9999B0199