Enforcing a password policy for BMC Helix Innovation Suite


AR System ensures that passwords are always encrypted. An SHA-256 hash of passwords is stored in the database, so neither the system nor anyone reading the database can retrieve passwords. In addition, you can enforce a password policy with the User Password Management Configuration form. The following image shows the User Password Management Configuration form:

[Image: User Password Management Configuration form]

The password management feature is preconfigured when you install Encryption Security, but it is not enabled. This section describes how to enable and use the feature.

With a password policy, you can perform the following actions:

  • Force all users or individual users to change their passwords when they use a browser.
  • Enforce restrictions on passwords. [Health Insurance Portability and Accountability Act (HIPAA) standards are shipped as the default restrictions.]
  • Set up password expiration with scheduled warnings.
  • Disable an account after the expiration period.
  • Enable users to change their passwords at will.

If your system uses external authentication through the Cross Ref Blank Password option, reconsider enforcing the password policy with the User Password Management Configuration form. Enforce this policy only for users whose passwords are stored in the User form. 

For information about the Cross-Reference Blank Password feature used with external authentication, see Cross-referencing blank passwords.

Setting up the Mid Tier for the password policy

Use the Mid Tier Configuration Tool to set an authentication server for the Mid Tier, and set up the policy on that server. For information about accessing the Mid Tier Configuration Tool, see Accessing the Mid Tier Configuration Tool.

Perform the following steps to set up the authentication server:

  1. Log in to the Mid Tier Configuration Tool.
  2. Click the General Settings link.
  3. Enter the server name in the Authentication Server field.
    [Image: Mid Tier Configuration Tool, Authentication Server field]

 
