Managing IBM Business Process Manager on Cloud accounts

As an account administrator, you are responsible for managing both user and service accounts for IBM® Business Process Manager on Cloud.

User accounts

You invite users by email to access IBM BPM on Cloud and create a user account. The user account is identified by an email address. After accounts are set up, you assign roles and permissions to users so that they can do their work. For more information, see Inviting users and Assigning roles and privileges.

Password policy: IBM BPM on Cloud passwords must be at least 8 characters in length and a password cannot be repeated for 10 password changes. Passwords must have at least four letters and at least one non-alphabetic character. Passwords cannot repeat more than 2 characters.
The IBM BPM on Cloud password rules require that all users change their passwords every 90 days. Users are locked out of the IBM BPM on Cloud instance for 30 minutes if they exceed five failed login attempts. After a password expires, users have three tries to log in to reset their password.

Service accounts

For client applications, a service account is the equivalent of a user account. You create a service account by generating the corresponding service credentials that consist of a functional ID and password. Client applications require these credentials to access the IBM BPM on Cloud environment. A service account is identified by a functional ID and it can be used by one or more client applications. For more information, see Managing service accounts.

Password policy: The password is a randomly generated character string that is sufficiently long and complex to be considered safe against brute-force attacks. Password expiry is not enforced for service accounts; you decide how long passwords remain valid before you replace the service credentials with a new set. If there are more than 100 failed login attempts with the account functional ID, the service account is locked for 60 minutes.