Password Security for Sage CRM Self Service Portal

By | May 18, 2011
Secured password is mandatory feature in any application. If your password is not encrypted/ secured then there is a possibility of security violation or can anyone hack your password. To avoid these kinds of issues your password should be well formed and follow some rules.
Sage CRM includes two major modules that are:
Sage CRM for organization users
Sage CRM Self Service Portal for client login
In both of the above systems, user has to enter his credential (User ID and Password) while login into the system. These credentials cab be set by CRM User or Self Service User.
Password Security provided for Sage CRM User logon:
In Sage CRM, for CRM user we can set user id and password from
Administration > Users > Users > Find User> Go to User Summary area as:

Now here as you can see the password that has been set for the user is not predictable as it is encrypted on the screen as well as at the database level.
Also this password can be validated based on certain conditions like:
Your password must be a minimum of 8 characters long.
Your password must contain at least one numeric character.
Your password must contain at least one upper case, one lower-case letter.
Your password can not match your user name.
Your password can not match the reverse of your user name
We can configure above listed password validation from Administration > Users > Security > Password Policies. Navigation to this link redirects you to the below screen from where you can set password validation based on user rights.

On click of any of above link you will get below screen to set password validations as:

Password Security for Sage CRM Self Service User logon:
In standard Sage CRM there is Self Service tab against the Person entity from where CRM user can enable and set self service user credentials (his logon and password) as:

As you can see above:
The password field is visible to all the users.
There is no way to set the password encryption.
Like CRM Password Policies there is no technique to set password validation rules.
As a part of protected system, the self service user password has to be safe and need to follow above points.
So we have developed a tool which allows user to available secured password.
1. Enable Self Service:
We have provided a method using which user can enable Self Service for a particular person’s summary. For more details you can refer our blog link:
2. Mail to Self Service User:
To notify CRM Person/ Self Service User that user credential for Self Service user we have send an email to them with their credentials to be used for login.
3. Change Password for Self Service User with encryption:
As like standard, CRM user can change the password from Self Service tab (present at Person level). But CRM user will be able to get the plain text password using our utility. The password would always be shown as encrypted on the screen. Password would be encrypted on screen as well as at database level.
4. Password Validations:
We have also provided password authentications at Self Service Portal Password Change functionality same as that of CRM Password Policies.

The password would be validated based on below conditions:
Your password MUST be at least 8 characters and maximum 12 characters long.
It MUST be Alphanumeric.
MUST contain at least one uppercase letter.
It MUST contain two special characters.
We can change above criteria as per the requirement.
For further queries or more information regarding this you can drop us an email at

If you find this content useful, please drop us an email at