Security Preferences

Security Preferences configure security-related features of Order Management. The following subsections are included:

Password Policy

By default, the password policies are set to Salesforce minimums for new user accounts and existing user accounts where the policy has not been set. An Administrator can also set a minimum password policy requirement by following the PCI rules. This page lets you configure user password requirements.

Note: If you manage user accounts with Account Manager, then only the Report Author password policy is used. Account Manager controls user account password policies.

You can't change the following security requirements.

Accounts that have both the Administrator or General and the Report Author roles are subject to the more restrictive of the policies.

Three policies exist:

Fields and buttons Description
Password Policies dropdown Select the policy to edit.
Minimum Password Length Enter a number in the text field. Passwords must contain at least this many characters.
Require Mixed Case checkbox Passwords must contain both uppercase and lowercase letters, so this box can't be unchecked. Two numeric text fields are also available:
  • Minimum Special (Non-Alphanumeric) Characters: Passwords must contain at least this many special characters.
  • Minimum Numeric Characters: Passwords must contain at least this many numeric characters.
Enforce Expiration checkbox This box can't be unchecked. The Password Expiration Frequency (days) text field defines the number of days after a password is changed when it expires and must be changed again.
Restrict Password Re-use checkbox This box can't be unchecked. The Number of Previous Passwords to Restrict text field defines the number of most recent passwords that can't be reused when a password is changed.
Enforce Minimum Time Before Password Activates checkbox If this box is checked, then the Password Minimum Life (seconds) text field becomes available. The number in this field defines the number of seconds that must elapse after a password is set or changed before it can be changed again. This delay allows time for administrative functions for new accounts, and provides security against potential automated attacks.
Require Confirmation on New Password check box If this box is checked, then when changing a password, users must enter the new password twice for verification. If it isn't checked, then users only type a new password once.
Save Password Policy Saves changes to the selected password policy.

Password Requirements

The default Salesforce password policies are as follows:

Minimum password policy requirements follow PCI rules, as follows:

Forgotten Password

When a user forgets the password to any of the Order Management modules, they can request a password reset link to reset it as follows:

  1. Select the Forgot Password link on an Order Management module login page.
  2. From the Send Email popup window, enter a username, then click Send Email to receive the password reset link. If a valid email address exists, an email is sent with a password reset link. If the user account has no verified email address, an Administrator must reset the password on the User Detail page in Administration: Security > Users.
    Note: The password reset link expires after 24 hours. If the availability of the password reset link has expired, the message, “The reset password link is invalid or has expired" appears.

    The Email User Password Reset template can be customized for the password reset.

Account Manager

This page is only available if you are using Account Manager to manage Order Management accounts. It lets you select the Order Management role that is automatically assigned to normal user accounts when they are given the Order Management User role in Account Manager. (Administrator accounts are automatically assigned the Administrator role.) Select one from the dropdown list and click Update.

Addresses (Not Used)

This page lets you create internet address groups and add internet addresses into that group. This functionality is not used.

To add an internet address group, do as follows:

  1. In Order Management Administration: click Settings > Preferences.
  2. Click the Security tab.
  3. Click Addresses.
  4. From the Internal Address Groups page, click Add Group and add an internet address group. The page refreshes with a New Group link.
  5. Assign a name to the group. Click Edit and assign a Label, Short Label, and Description for this group.
  6. To accept the new address group, click Update. To discard it, click Cancel . To delete the group, click the trash can icon (???).
  7. Click the new group’s link. The Edit Addresses page appears. Enter the Internet Address and the Mask Address and click Add. A new internet address item is listed. You can add multiple addresses to this group.
  8. To change the internet address, click Edit. To return to the Internet Address Groups page without saving the address, click Cancel . To discard this internet address, click the trash can icon (???).