You need to sign in to do that
Don't have an account?
Ron Maffrand
How best to change a user with system administrator profile to different profile with non-expiry password
We have an API user with system administator profile that we wish to have cloned to a custom profile with everything the same except the password does not expire.
Is this a bad practice? Reason, we have SOA processes that are failing when the password is set to expire. Need to ensure the dependent processes are not affected by enforced password policy.
Is this a bad practice? Reason, we have SOA processes that are failing when the password is set to expire. Need to ensure the dependent processes are not affected by enforced password policy.
It is not recommended to set it to 'Password never expires', however, for integrations (since you are having API user), this should be fine until and unless you follow below points:
1. As soon as you clone system admin profile and make a new custom profile, disable/hide all the things that is not required for this integration user.
2. Enable IP address restrictions.
3. On the new custom profile, provide access to only objects that are required for this integration.
4. Turn off all the tabs.
5. Follow the principle of least privilege. Please do not give any extra permission that this API user does not require.
Hope this helps!!
Thanks,
Puneet
All Answers
You can clone the system administrator profile to create a custom profile.
Then go to:
Setup->Manage Users->Profiles->Click on Custom Profile name
Click Edit and scroll down to "Password Policies" section and then select "Never Expires" for "User Password Expires in"
Hope this helps!!
Thanks,
Puneet
It is not recommended to set it to 'Password never expires', however, for integrations (since you are having API user), this should be fine until and unless you follow below points:
1. As soon as you clone system admin profile and make a new custom profile, disable/hide all the things that is not required for this integration user.
2. Enable IP address restrictions.
3. On the new custom profile, provide access to only objects that are required for this integration.
4. Turn off all the tabs.
5. Follow the principle of least privilege. Please do not give any extra permission that this API user does not require.
Hope this helps!!
Thanks,
Puneet