System Accounts That Are Not Affected by MAX_PASSWORD_AGE

nikolaosm over 8 years ago

Dear all,

I have the following question about authentication. We have set conf.security.pw.MAX_PASSWORD_AGE to meet some security requirements about users needing to change their passwords.

However, the system also uses some "System" passwords that other IT systems use to authenticate to Process models exposed as Web Services. The problem that we are now facing is that these "System" passwords also need to change. Also our counterparty IT systems need to update their configurations to match these updated passwords.

Is there a way to
a) Create an exception list of "System" usernames whose passwords that do not change. For example the Adminstrator password does not change.
b) Make some of these usernames unable to login to Tempo or any other Appian UI so that only WS can be called using these usernames?

With kind regards,

Nikos

Discussion posts and replies are publicly visible

0 akshayan
Certified Lead Developer
over 8 years ago

I don't think you can exclude certain users from password expiration policy if you are using Appian authentication. You have to use an external authentication provider like LDAP to do this. There used to be smart service to change password (now deprecated and no longer available) which could have been used to automatically change password and revert back to original password. I would like to know if there's any other way to achieve this or if Appian could include this feature in the product in future. This is a very common use case when we need to expose a process model as a webservice.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Stefan Helzle
A Score Level 3
over 8 years ago

Good point. Would be good to have a way to support this.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel