Hybrid Data Pipeline supports configuring a password policy and an account lockout policy to securely manage user access to data. These policies may only be applied to user accounts managed through the default internal authentication service. They cannot be applied to end users managed through an external authentication service. In addition, they may only be applied at the system level and cannot be applied to tenants. After installation, the system administrator may configure the password and account lockout policies either through the Web UI or using the Hybrid Data Pipeline API.

Note: A default password policy is enforced immediately after installation. However, this policy is not enforced during installation, when passwords for the d2cadmin and d2cuser accounts must be specified. As a best practice, choose passwords for these accounts that adhere to either the default password policy or the password policy you plan to implement.

The administrator must have the following permissions to manage password and account lockout policies.

Password policy permissions

  • Only a system administrator with the Administrator (12) permission may configure a password policy and require a password reset across the system.

Account lockout policy permissions

  • To configure an account lockout policy, the administrator must reside in the system tenant and have either the Administrator (12) permission or the Limits (27) permission.
  • To unlock a user account, the administrator must have either the Administrator (12) permission or the ModifyUsers (15) permission with administrative access to the tenant.
  • To set account lockout options in the Web UI, a system administrator must have the Administrator (12) permission, while a tenant administrator must have the WebUI (8) permission in addition to the Limits (27) and the ModifyUsers (15) permissions.