TIBCO Cloud User Account Password Policy
Article ID: KB0072048
Updated On:
| Products | Versions |
|---|---|
| TIBCO Cloud | - |
Description
There are two broad types of login credentials that are authenticated by the TIBCO Account.
Credential Types
- "User Accounts" ie TIBCO Account credentials used by individuals
- "Service Accounts" ie TIBCO Account credentials used by systems that run on servers.
Credentials not managed by TIBCO Account
Not all login credentials are "stored" within the TIBCO Account. Some login credentials are stored in systems 'external' to the TIBCO Account. Hence, TIBCO Account does not manage the password rules for these types of credentials. In fact, the TIBCO Account cannot even 'see' the passwords for these credentials. These include -
-
TIBCO Personnel - TIBCO Personnel's passwords are managed and governed by the TIBCO Corporate Active Directory password policies
-
Customers who are set up to authenticate using their company's LDAP credentials - These passwords are maintained and managed by the specific customer's corporate LDAP/AD system.
-
Customers who are set up to authenticate using their company's SSO systems - These passwords are maintained and managed by the specific customer's corporate Single Sign-On system.
- Google User - These passwords are maintained and managed by Google's authentication system.
Password rules for TIBCO Account managed user credentials
User Accounts
| Configuration | Description |
|---|---|
| Maximum Password History | Must not match previous 1 password |
| Maximum Password Age | None |
| Minimum Password Age | 0 days |
| Minimum Password Length | 8 characters |
| Password complexity | Must have at least 3 of the 4 characters - an upper case, a lower case, a number, or a special character |
| Maximum Attempts before Account Lockout | 3 Consecutive unsuccessful login attempts. |
| Account Lockout Duration |
1 minute Note - This 'account lockout timer' only starts after the 'Maximum Attempts before Account Lockout' is met. |
| Reset account lockout counter after | 1 minute as defined by account lockout duration |
| Initial Password Change | Password set by the user at the time of activating the account |
| Password Display | Not displayed by default. User can user chooses to temporarily override the default. |
Service Account
| Configuration | Description |
|---|---|
| Maximum Password History | Must not match previous 1 password |
| Maximum Password Age | None |
| Minimum Password Age | 0 days |
| Minimum Password Length | 8 characters |
| Password complexity | Must have at least 3 of the 4 characters - an upper case, a lower case, a number, or a special character |
| Maximum Attempts before Account Lockout | 3 Consecutive unsuccessful login attempts. |
| Account Lockout Duration |
1 minute Note - This 'account lockout timer' only starts after the 'Maximum Attempts before Account Lockout' is met. |
| Reset account lockout counter after | 1 minute as defined by account lockout duration |
| Initial Password Change | Not Applicable |
| Password Display | There is no screen to display the password. Systems authenticate using a 'Service Account' via API calls. |
A note about passwords stored in the TIBCO Account
Passwords are stored using a sha256 hash mechanism with salt. What this basically means is that no person, including the TIBCO Account system administrators, can extract the password stored in the system.
Issue/Introduction
Environment
Feedback
