Implementing Password Policies in SageCRM

By | January 10, 2014

When a user authentication system is in place, password formats need proper validation, and SageCRM is no exception. SageCRM provides a Password Policies module that maps to user profiles and handles password validation.
These policies are configured under Administration -> Users -> Security -> Password Policies, as shown in the screenshot below.

PasswordImg1

We can apply password policies to three levels of users: Administrators, Info Managers, and Users with no admin rights.
1. Administrators: These policies apply to all users who have system admin rights set in the Administration field on the Administration | Users | Users | User Details tab.

PasswordImg2

2. Info Managers: These policies apply to all users who have Info Manager rights set in the Administration field on the Administration | Users | Users | User Details tab.
3. Users with no admin rights: These policies apply to all users who have No Admin rights set in the Administration field on the Administration | Users | Users | User Details tab.
Now let us look at the password policy options. When you click the hyperlink of any of the above password policies, you will see the following options.

PasswordImg3

1. Minimum length of password: This option sets the minimum length of the password a user can set. If we set the length to 0, the other options are disabled. The maximum password length a user can enter is 20.
2. Require complex password: This option requires the password to contain a character from at least three character sets. The character sets are uppercase, lowercase, numbers, and other characters. The first character of the password can only be a letter or a number, with or without this setting enabled.
3. Check User Name: This option checks that the user name and password are not identical.
4. Strong User Name: This option checks that the password does not match the reverse of the user name, or the user name with common substitutions. If the DICTIONARY.TXT file exists in the WWWROOT subdirectory of the CRM install, the password is also checked against words in the dictionary, the reverse of words in the dictionary, and words in the dictionary with common substitutions. This option becomes available when we check the “Check User Name” checkbox.
Suppose we have configured password policy for Administrators as follows:

PasswordImg4

When we try to set the admin user's password to the same value as the user name, we get the following error because of the password policy defined.

PasswordImg5
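The four options described above can be modelled as a small validator, which is useful for testing candidate passwords against a planned policy before rolling it out. This is an added example, not Sage CRM's own code: the function names, error labels, the substitution table (the article does not list the "common substitutions"), the case-insensitive comparison for the Strong User Name check, and the in-memory word list standing in for DICTIONARY.TXT are all assumptions.

```python
import string

ALNUM = string.ascii_letters + string.digits
MAX_LENGTH = 20  # maximum password length stated in the article
# Assumed table: the article says "common substitutions" without listing them.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                               "0": "o", "$": "s", "5": "s", "7": "t"})

def normalize(text):
    """Lowercase and undo the assumed substitutions ('P@ssw0rd' -> 'password')."""
    return text.lower().translate(SUBSTITUTIONS)

def matches(password, word):
    """True if password equals word or its reverse after normalization."""
    p, w = normalize(password), normalize(word)
    return p == w or p == w[::-1]

def check_password(password, user_name, min_length=8, require_complex=True,
                   check_user_name=True, strong_user_name=True, dictionary=()):
    """Return the list of violated rules; an empty list means accepted."""
    errors = []
    if len(password) > MAX_LENGTH:
        errors.append("too_long")
    # First character must be a letter or digit, whatever the complexity setting.
    if password and password[0] not in ALNUM:
        errors.append("bad_first_char")
    if min_length == 0:  # minimum length 0 disables the remaining options
        return errors
    if len(password) < min_length:
        errors.append("too_short")
    classes = [any(c.isupper() for c in password), any(c.islower() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    if require_complex and sum(classes) < 3:
        errors.append("not_complex")
    if check_user_name:
        if password == user_name:
            errors.append("same_as_user_name")
        if strong_user_name:  # only available when Check User Name is on
            if password != user_name and matches(password, user_name):
                errors.append("user_name_variant")
            if any(matches(password, w) for w in dictionary):
                errors.append("dictionary_word")
    return errors

# Constructed sample: stand-in for words read from DICTIONARY.TXT
SAMPLE_DICTIONARY = ["password", "welcome"]
print(check_password("admin", "admin", min_length=5))
print(check_password("P@ssw0rd", "jsmith", dictionary=SAMPLE_DICTIONARY))
```

Note that "P@ssw0rd" satisfies the complexity rule on its own (four character sets) and is rejected only by the dictionary check, which is why the Strong User Name option and a populated dictionary file matter alongside the complexity setting.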
