Managing IBM Business Process Manager on Cloud accounts
User accounts
You invite users by email to access IBM BPM on Cloud and create a user account. The user account is identified by an email address. After accounts are set up, you assign roles and permissions to users so that they can do their work. For more information, see Inviting users and Assigning roles and privileges.
- Password policy
- IBM BPM
on Cloud passwords
must be at least 8 characters in length and a password cannot be repeated
for 10 password changes. Passwords must have at least four letters
and at least one non-alphabetic character. Passwords cannot repeat
more than 2 characters.
The IBM BPM on Cloud password rules require that all users change their passwords every 90 days. Users are locked out of the IBM BPM on Cloud instance for 30 minutes if they exceed five failed login attempts. After a password expires, users have three tries to log in to reset their password.
Service accounts
For client applications, a service account is the equivalent of a user account. You create a service account by generating the corresponding service credentials that consist of a functional ID and password. Client applications require these credentials to access the IBM BPM on Cloud environment. A service account is identified by a functional ID and it can be used by one or more client applications. For more information, see Managing service accounts.
- Password policy
- The password is a randomly generated character string that is sufficiently long and complex to be considered safe against brute-force attacks. Password expiry is not enforced for service accounts; you decide how long passwords remain valid before you replace the service credentials with a new set. If there are more than 100 failed login attempts with the account functional ID, the service account is locked for 60 minutes.