The UltiPro Add/Change Service Account page (Menu > System Configuration > Security > Service Account Administration > Add) has been modified so that Web Service Account passwords must be randomly generated by checking the Generate New Password box. The Generate New Password box is automatically selected when adding a new Service Account. After entering the remaining required information and selecting Save, a New Password window displays with the randomly generated password. You can copy the password and save it in a secure location. You will not be able to see this password again after closing the New Password page. If the password is lost or forgotten, a new one will need to be generated.
In an effort to reduce vulnerabilities we changed the way we generate passwords for webservice accounts. Today, webservice account passwords are manually created by customers and follow a generic password policy.
How will this work for customers?
- The password for web service accounts will be randomly generated.
- The password field has been removed from the page.
- The password will be random, alphanumeric, and contain a minimum of at least 2 special characters allowed. No spaces.
- The password length will be determined by the password policy enforced for site administrators. (same site policy as site admins).
- When the password is generated it will follow an access policy where you create it, see it for the first time, and allow you to copy/paste only 1 time.
Are existing accounts/passwords going to automatically reset at some point?
- Existing passwords are not going to be impacted/changed.
Will partners/customers need to rebuild applications as a result of this change?
- Applications should not have to be rebuilt or modified because of this change. There should be a mechanism within applications consuming UltiPro Web Service accounts to update the password.