Users management in Adobe Campaign Classic

Hi @robertocervantes 

it's achievable

• Force the newly created user to enter their password on their first login. --> run a workflow on xtk:operator and if a user is created and not modified after 3 days disable the account
  
  
• Establish a minimum security criteria for the creation of the user's password (length, upper/lower case, use of special characters, do not enter the user's own name in the pass, do not set previous passwords...). --> use a js to validate the changePassword and resetPassword forms. You will also need to update methods in xtk:operator and xtk:session
  https://experienceleague.adobe.com/docs/campaign-classic/using/configuring-campaign-classic/input-forms/editing-forms.html?lang=en#validate-values
  
  
• Account blocking after a maximum number of failed login attempts. --> depending on your ACC build you should have the options XtkSecurity_Max_Unsuccessful_Attempts_Allowed, XtkSecurity_Initial_Ban_Duration and XtkSecurity_Max_Ban_Duration
  
  
• Force change of passwords after certain periods of time. --> run a workflow on xtk:operator and if a user is not modified after xxx days disable the account
  
  
•  Have a log of login/logout performed. --> get the logins.log or logins.yy-mm-dd.log from the server or through monitoring tab. I don't know if there is a log for logout

Limitations

• This is a work around and not a 100% effective method
• applied only for direct connection not for Adobe ID
• Any changes to any fields (email, first name, etc) of the operators form will update the  last modified and the workaround won't work. You can make fields read only for non-admin operators but need more work and testing 
• Adobe Campaign keeps only one password so the comparison will occur only for current and new password

I listed only limitations which come to my mind but you may have more.

Thanks,
David