User Accounts

Each Archer user must have an account to log on to the system. When adding a user, consider the following:

  • Will the user be notified of password information?
  • Will the user be forced to change the password at next logon?
  • Does the user speak a language different from the default language?
  • Does the user require a specific security parameter?
  • What groups should the user be enrolled in, and which access roles should be assigned to the user account?

Ensure that users are approved for logging on to the system before you create an account for them. Even when users are approved, assign only the minimum set of access permissions that enables them to perform their job.

For instructions on creating a new user account, see Adding User Accounts.

For instructions on assigning access roles to an account, see Assigning Access Role to Users.

System administrator and default services accounts

The Archer installation process automatically creates a System Administrator (sysadmin) account and a series of Default Services accounts. These accounts are set up in the Archer Control Panel (ACP). You cannot delete or rename these accounts, but you can deactivate the System Administrator account. Users cannot log into Archer with a Default Services account. History Log fields display field changes made by data feed Service users. Associating a unique data feed Service Account to each feed clarifies which data feed applied the update.

A user account with system administrator privileges is not the same as the System Administrator account. It cannot, for example, see the System Administrator account or change its password. Only someone who has access to the System Administrator account can manage it. See Understanding the System Administrator Account and Default Services Passwords for more information.

Data Feed Service Account

A data feed Service Account is an account that the system specifically uses to run a data feed. The Service Account user also creates and updates content in a data feed. When configuring a data feed, users can either choose an existing Service Account or create a new Service Account. Users can use the same Service Account to run every data feed, but for troubleshooting purposes, set up a different Service Account for each data feed. Users cannot log into Archer with a data feed Service Account. History Log fields display field changes made by data feed Service users. Associating a unique data feed Service Account to each feed clarifies which data feed applied the update.

New user account with system administrator privileges

It is recommended that you create a new user account, with full access to the system, and assign the System Administrator access role to it. This access role grants the account all rights within Archer.

User account passwords

All new user accounts are created with a unique password assigned manually by an administrator or generated randomly by Archer.

It is strongly recommended that you enable the Force Password Change on Next Sign-In option in Archer for all new user accounts. Configuring this option requires users to change their password the first time that they log on to Archer.

Archer enforces the password strength, logon, and session time-out policies defined in security parameters.

These security parameters are enforced by Archer across all user accounts except the sysadmin and service accounts. It is strongly recommended that you instruct your administrators on your corporate IT policy and security best practices for generating and managing passwords for all accounts.

The following table shows the password settings of the default security parameter. It is recommended that you treat these settings as the minimum requirement for enforcing strong passwords and secure sessions in Archer.

| Parameter | Setting |
|---|---|
| Minimum password length | 9 characters |
| Alpha characters required | 2 characters |
| Numeric characters required | 1 character |
| Special characters required | 1 character |
| Uppercase characters required | 1 character |
| Lowercase characters required | 1 character |
| Password change interval | 90 days |
| Previous passwords disallowed | 20 passwords |
| Grace logons | 0 logon |
| Maximum failed logon attempts | 3 attempts |
| Session time-out | 10 minutes (sysadmin account); 30 minutes (service account) |
| Account lockout period | 999 days |
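The following is an added example, not part of the Archer documentation or product: a Python check that compares the settings of a custom security parameter against the default values in the table above and reports anything missing or weaker. The key names, the sample values, and the choice of which direction counts as weaker for each setting are assumptions of this example.

```python
# Baseline values from the default security parameter table on this page.
# Key names are hypothetical; they are not Archer field or API names.
# "min": a site value below the baseline is weaker.
# "max": a site value above the baseline is weaker (assumed reading of the table).
BASELINE = {
    "min_password_length": (9, "min"),
    "alpha_chars_required": (2, "min"),
    "numeric_chars_required": (1, "min"),
    "special_chars_required": (1, "min"),
    "uppercase_chars_required": (1, "min"),
    "lowercase_chars_required": (1, "min"),
    "password_change_interval_days": (90, "max"),
    "previous_passwords_disallowed": (20, "min"),
    "grace_logons": (0, "max"),
    "max_failed_logon_attempts": (3, "max"),
    "account_lockout_period_days": (999, "min"),
}
# Session time-out is left out: the table lists it per account type.


def audit(name, params):
    """Return one finding per setting that is missing or weaker than baseline."""
    findings = []
    for key, (baseline, direction) in BASELINE.items():
        if key not in params:
            findings.append(f"{name}: {key} is not set (baseline {baseline})")
            continue
        value = params[key]
        weaker = value < baseline if direction == "min" else value > baseline
        if weaker:
            bound = "at least" if direction == "min" else "at most"
            findings.append(f"{name}: {key}={value}, expected {bound} {baseline}")
    return findings


# Constructed sample: a custom security parameter transcribed by hand.
SAMPLE = {key: value for key, (value, _) in BASELINE.items()}
SAMPLE.update({
    "min_password_length": 8,              # shorter than the baseline
    "password_change_interval_days": 180,  # rotated less often
    "max_failed_logon_attempts": 5,        # more guesses before lockout
})
del SAMPLE["account_lockout_period_days"]  # setting was not recorded

if __name__ == "__main__":
    for finding in audit("Contractors", SAMPLE):
        print(finding)
```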

Password Reset

If you enable the password reset feature from the Archer Control Panel, users can click a link on the login page to reset their passwords. After clicking the link, the user is prompted for their username and email address. If the user account is valid and is not locked, the user receives a system-generated password reset email. Users cannot reset passwords for locked accounts; they must contact an Archer administrator for assistance.