Toggle menu

User Settings

The iCM and website user tabs let you set up password complexity rules for your users. The recommended settings are taken from guidelines published by the OWASP (Open Web Application Security Project) Foundation.

The list of common passwords that should be blocked is held in the iCM custom folder, often available using iCM's File Manager. It has been compiled using publicly available lists of common passwords.

We strongly recommend you use the suggested password settings.

iCM Users

You can load the recommended settings using the "Use recommended settings" link. This link only appears if your current settings don't meet the minimum recommendations.

Changes to the complexity rules are applied to iCM users the next time they log in, including immediately after an upgrade, forcing them to reset their password so that it meets the new rules.

The rules you can set are:

  • Minimum length
  • Old password kept - this prevents the reuse of old passwords
  • Minimum number of lower/uppercase letters, numbers, special characters
  • Block repeated characters
  • Block commonly used passwords

Password expiry can also be set for users in the iCM Users section.

Website Users

Website user passwords are also managed from within iCM. These settings are used by:

Both of these fields are part of our example registration form.

Recommended settings are listed next to each field. Changing the complexity rules does not force existing users to change their passwords. They will have to meet the new rules if they reset their password.

Failed login attempts and lockout durations are set in the API Server configuration of the iCMSiteUser provider (the defaults are 5 attempts and fifteen minutes).

Profile Form Mappings

Once you have users registered with your site, these mappings should not be changed. Changing mappings will cause problems for existing users. For more information about user profiles and how they can be created and updated, see the Site Groups and Users section.

If you do make changes you must resend the configuration to your API Server so the Authentication worker is aware of them.

User Profile FormThis is the private form that iCM should use to display user profiles when you are editing users in iCM (not the user profile object definition or "master" form). The standard form is called "iCM User Profile Form"
Email Address FieldThe property within the userprofile object that holds a user's email address

Display Name Template

User accounts in iCM are generally identified by GUIDs (unless created manually in iCM). Rather than display GUIDs in the user trees in iCM a display name is constructed using a Handlebars template.

The template also sets the value of the DisplayUserName property of a user, which can be returned using the iCM API. This gives a convenient way to identify a user when they are returned in searches and displayed in other products, like Assisted Service and Self Service.

This is the default template, which cannot be modified:

{{#and LASTNAME FIRSTNAME}}{{{LASTNAME}}}, {{{FIRSTNAME}}}, {{else if LASTNAME}}{{{LASTNAME}}}, {{else if FIRSTNAME}}{{{FIRSTNAME}}}, {{/and}}{{#if EMAIL}}{{{EMAIL}}}, {{/if}}{{{user.username}}}

It will display the LASTNAME and FIRSTNAME from the user's profile (if both exist), followed by the EMAIL, followed by the account username. For example:

Display Name

If either the FIRSTNAME or LASTNAME (or both) are missing, the template will display those elements that are present.

Preferred Name

The preferred name template works on the same principles as the display name. It sets the value of the PrefUserName property available via the iCM API. As all modern user profile definitions have a field called PREFNAME that is what is used.

Last modified on 30 May 2023

Share this page

Facebook icon Twitter icon email icon


print icon