Introduction
This document is intended to capture the process changes associated with the authentication modifications made to the Metrix application. The changes can be summarized as follows:
- Metrix authentication is now done by validating the user’s credentials against an Oracle database user in a similar manner to Metrix Reporting.
- Metrix Authentication has been moved into Metrix itself, allowing for greater control of this functionality when necessary.
- Functionality has been added to support password aging along with password change validation rules.
- Those running Metrix in a hosted P2 environment can no longer manage user/password information within Metrix.
Oracle User Account
Similar to how Metrix Reporting is implemented, a Metrix user now requires an Oracle database user. When a user inputs their credentials, those credentials are validated against that database user. Metrix security is not affected in any way by these changes.
User Authentication moved into Metrix
This allows for greater control and flexibility of the user authentication process, if necessary.
Password Aging and Validation
As part of this enhancement, Metrix now supports password aging and password verification. This functionality is implemented by leveraging Oracle’s functionality in this area. It is accomplished by creating Database (DB) profiles and then assigning these profiles to DB users. Metrix traps various Oracle messages and displays appropriate error messages to the user. Note: Please consult Oracle documentation for information on how to set up Oracle profiles for this purpose.
Requiring a Metrix user to first be set up as an Oracle database user provides the client with the ability to set customized password security rules to handle the following situations:
- Password Expiry Period.
- Password Strength. Password strength is the length of the password and the requirement for combinations of numbers, letters and special characters. Note: The following special characters are not valid for password use: " ` ~ & |
- Lockout period after failed attempts. This covers the number of failed attempts that will be allowed before a user is locked out and the length of time the user will be locked out.
- Session time-out. Session time-out is the length of time the user can be inactive in Metrix before the session times out and the user is forced to log back in. Logging in after a session time-out will return the user to the last screen they were on.
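The following is an added example, not taken from Metrix or from Oracle's documentation, showing how the situations listed above can map onto an Oracle profile and a password verify function. The names metrix_verify_pw, metrix_app_users and metrix_demo_user and every numeric limit are assumptions chosen for illustration, and whether the Metrix session time-out is backed by the profile's IDLE_TIME is also an assumption.

```sql
-- Added illustration; names and numeric limits are assumed, not Metrix defaults.
-- Run as SYS in SQL*Plus: a profile's verify function must be owned by SYS.
-- SET DEFINE OFF stops SQL*Plus treating the & in the pattern below as a variable.
SET DEFINE OFF

CREATE OR REPLACE FUNCTION metrix_verify_pw (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 12 characters');
  END IF;
  IF NOT (REGEXP_LIKE(password, '[[:alpha:]]')
          AND REGEXP_LIKE(password, '[[:digit:]]')
          AND REGEXP_LIKE(password, '[[:punct:]]')) THEN
    RAISE_APPLICATION_ERROR(-20002,
      'Password needs a letter, a number and a special character');
  END IF;
  -- Characters the page lists as not valid for password use: " ` ~ & |
  IF REGEXP_LIKE(password, '["`~&|]') THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password contains a character that is not allowed');
  END IF;
  IF UPPER(password) = UPPER(username) THEN
    RAISE_APPLICATION_ERROR(-20004, 'Password must differ from the user name');
  END IF;
  RETURN TRUE;
END;
/

CREATE PROFILE metrix_app_users LIMIT
  PASSWORD_LIFE_TIME       90      -- expiry period, in days
  PASSWORD_GRACE_TIME      7       -- days of warning after expiry before login is refused
  FAILED_LOGIN_ATTEMPTS    5       -- failed attempts allowed before lockout
  PASSWORD_LOCK_TIME       1/24    -- lockout length in days (1/24 = one hour)
  IDLE_TIME                30      -- idle minutes per DB session (assumed time-out mapping)
  PASSWORD_VERIFY_FUNCTION metrix_verify_pw;

ALTER USER metrix_demo_user PROFILE metrix_app_users;

-- Confirm which accounts are bound to the profile and their current state.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  profile = 'METRIX_APP_USERS';
```

IDLE_TIME is a resource limit and is only enforced when the RESOURCE_LIMIT initialization parameter is TRUE; the password limits in the profile apply regardless of that setting.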
Password Change within Metrix (Non-hosted clients only)
Non-hosted Metrix users will have the ability to change their password at any time within the Metrix application using the below screen.
This button will launch the following “Change Password” screen:
In addition, if a user’s password has expired, they will be given the opportunity to change it by automatically displaying the above popup upon login.
In both cases, any validation errors that are encountered during the password change process will be displayed at the top of the window:
Note: Once the password is changed, the user must log out of Metrix and log back in for the new password to take effect.
Impact on Hosted Clients
Access Management is the utility that creates and maintains all users for hosted clients. This section is intended to describe how the changes are reflected in a hosted client’s environment.
The creation and maintenance of User Accounts will now be done entirely through Access Management. The admin user will no longer be able to create new or modify existing Metrix users. They will continue to manage the User Roles in Metrix. All other changes must be done using Access Management.
The user can no longer change their password through the Metrix Application. Passwords will have to be changed through Access Management, and the password will be synchronized for all P2 products.