IBM Support

SOAR password policy and expire settings

Troubleshooting


Problem

Starting in version 40 of the IBM SOAR platform, the default password policies for local accounts, both API keys and users, are changing.

Symptom

From version 40 of the IBM SOAR platform onward, you may encounter increased user or API key lockouts due to enhanced enforcement of the password/secrets mechanism. Please take note of the following to avoid this.

Cause

The password policy has been updated as follows. 
  • Password length should be at least 15 characters.
  • Password should have at least 2 character types: lowercase, uppercase, number, special character (!"#$%&'()*+,./:;<=>?@\^_`{}|~- ).
  • Password should not contain the user’s given name, surname, display name or email address.
  • Password should not match any password from the previous 2 years.
  • User passwords and API key secrets will expire after a set duration.
    • User passwords will expire every 90 days. You can verify users' expiry dates on the Users tab.
    • API key secrets will expire every 1 year.
    • UI notifications will be sent 14 days, 7 days and 1 day before the API key secret expiration.
    • USERS AND API KEYS WILL BE LOCKED AFTER THE PASSWORD / SECRET EXPIRES

For on-premises customers, the expiration duration can be configured using configvars, as described in Password and API key expiration.

Please note: The expiration duration for both password and API key accounts begins once the system is upgraded; otherwise, the password policy does not affect existing passwords. The policy is in effect when users change their passwords.

Please note: If you are using a user account for your integrations instead of an API key, you will not receive the UI notifications for API key secret expiry.

Environment

IBM SOAR version 40.x and greater. Please note that the above changes affect "local" SOAR appliance users. SAML/SSO or LDAP users will retain the password requirements set by their authentication system.

Diagnosing The Problem

Resolving The Problem

Before expiration, the user will see a notification letting them know that their password will soon expire.
When the password has expired, the user will receive a notification when logging in that their password has expired and needs to be changed.
If the ID is an API key, the secret token will need to be updated in the UI by an administrator with API Keys permissions.
Please note that API key accounts cannot access the Resilient user interface.
To do this, go to Administrator Settings > Users > API Keys and click Regenerate API Key Secret.
For on-premises customers who want to change the password expiration policy period, administrators can make the change using the following commands:
resutil configset -key password.apikey_lifetime_in_years -ivalue <value>
resutil configset -key password.user_lifetime_in_days -ivalue <value>
Logging in to the SOAR server, users will receive an error that their password has expired.
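
The script below is an added example, not part of the IBM document or product: it applies the default lifetimes described above to a credential inventory and flags entries that are expired or within 14 days of expiry, which helps with integrations that run under a user account and receive no API key notifications. The inventory format, account names, upgrade date, calendar-year arithmetic for API keys, and treating the expiry date itself as expired are assumptions.

```python
from datetime import date, timedelta

# Defaults stated on the page; on-premises values may differ if changed via
# password.user_lifetime_in_days / password.apikey_lifetime_in_years.
USER_LIFETIME_DAYS = 90
APIKEY_LIFETIME_YEARS = 1
WARN_DAYS = 14  # earliest of the 14/7/1-day notification points


def add_years(d, years):
    """Calendar-year addition (assumption: SOAR's exact arithmetic may differ)."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:  # 29 Feb has no match in a non-leap year
        return d.replace(year=d.year + years, day=28)


def expiry_date(kind, last_changed, upgraded_on):
    """The clock starts at the v40 upgrade for secrets set before it."""
    start = max(last_changed, upgraded_on)
    if kind == "apikey":
        return add_years(start, APIKEY_LIFETIME_YEARS)
    if kind == "user":
        return start + timedelta(days=USER_LIFETIME_DAYS)
    raise ValueError(f"unknown credential kind: {kind}")


def audit(credentials, upgraded_on, today):
    """Return (name, expiry, days_left, status) tuples, soonest expiry first."""
    rows = []
    for name, kind, last_changed in credentials:
        exp = expiry_date(kind, last_changed, upgraded_on)
        left = (exp - today).days
        status = "EXPIRED" if left <= 0 else "WARN" if left <= WARN_DAYS else "OK"
        rows.append((name, exp, left, status))
    return sorted(rows, key=lambda r: r[1])


# Constructed sample inventory: (name, kind, date the secret was last set)
SAMPLE = [
    ("svc-integration@example.com", "user", date(2023, 11, 20)),
    ("siem-connector", "apikey", date(2022, 6, 1)),
    ("analyst1@example.com", "user", date(2023, 9, 1)),
]
UPGRADED_ON = date(2023, 11, 1)  # constructed upgrade date

if __name__ == "__main__":
    for name, exp, left, status in audit(SAMPLE, UPGRADED_ON, date(2024, 2, 14)):
        print(f"{status:8} {name:30} expires {exp} ({left:+d} days)")
```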

Document Location

Worldwide


Document Information

Modified date:
14 February 2024

UID

ibm16415123