Monday, January 28, 2013

QT001: Preventing Your Salesforce Integration Password from Expiring

Quick Tip 001: Preventing Your Salesforce Integration Password from Expiring

First A Note on Password Policies . . .

Before we get started I think its important to note that good password policies are essential for protecting your data, and changing your password occasionally is very important and should not be overlooked.  That being said, having your password expire for your integration user can be a disaster for your business.

Don't Let an Expired Password Stall Your Integration

Its midnight on Saturday night and suddenly your phone is inundated with emails about errors in your Integration between your ERP and salesforce.com.  You haven't made and code changes in months and have no idea why.  After digging through your logs you realize, the password for your integration user has expired.  You now need to login and change your password, but first you have dig up that secure password you created when you setup the account.  You may be tempted to disable password expiration for your organization to avoid this problem again, but then there won't be anything to ensure that your users are rotating their passwords.  Well there is a solution.

Using Permission Sets to Prevent Passwords from Expiring

You want to use password expiration enforcement for your users but you don't want to be caught off guard by having your Integration User get locked out of the system because of a password expiration.  Salesforce.com has a solution for this problem, you can create exceptions to your security policies for specific users with Permission Sets.  

Create a Permission Set

Create a new Permission Set by navigating to the setup page.  Then go to Manage Users > Permission Sets and click "New" give the Permission Set a Label and unique API Name and click Save.

Add Password Never Expires Permission

Go to System Permissions and click Edit, then scroll down to "Password Never Expires" (or search for it) and check the box.  Click Save.

Assign the Password Never Expires Permission to your Integration User

Go to Manage Users > User, find your integration user and click on the username.  Scroll down to Permission Set Assignments and click "Edit Assignments" then find the Permission Set you just created and assign it to the integration user via the add arrow button, then click save.  

That's it, you are done, you will never be caught off guard by a Password Expiration again . . .

Remember however, that good password policies are a must to protect your data.  Your integration user should be a secure password, it should be kept secret and it should be changed from time to time.  Salesforce.com will still enforce your policies with respect to secure passwords, and it will still require normal users to change passwords, but it is now the responsibility of the administrator to change your integration user's password occasionally.

No comments:

Post a Comment