Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Default password when using SSO and UDM to create user accounts

Default password when using SSO and UDM to create user accounts

When a new user logs into RequestCenter (using Single Sign On through our portal) the first time, the User Discovery Module (UDM) automatically creates the user's profile in RequestCenter and sets their password to be the same as their login name.

This means that anyone who has the RequestCenter backdoor URL can login as anyone they want as long as they know the person's login name (in our case, this is their employee number).

Is there a more secure alternative available that would make the password's unique for each user?

Thanks,
Scott
RequestCenter version 2006.06

Everyone's tags (1)
5 REPLIES
New Member

Default password when using SSO and UDM to create user accounts

I thought you can have a CNFparamater with a default password, and that will be written instead, I could be wrong though

New Member

Default password when using SSO and UDM to create user accounts

I've thought about this very same issue.  The best idea I could come up with is to apply web server level security (username/password) to the backdoor login page.  You could also hardcode the password value to something difficult to guess, but then all "backdoor" passwords would be the same.

Default password when using SSO and UDM to create user accounts

Any other solutions to this?  The ability to log on as someone else is a big security concern.

New Member

Default password when using SSO and UDM to create user accounts

RC2008.3, Service Pack 4, released Friday,Oct 23, includes a new Administration setting that lets you limit backdoor URL access to only those people with the Site Adminstrator role. 

New Member

Default password when using SSO and UDM to create user accounts

The ability to log in as someone else is often they only way to see error messages these users are getting. Maybe it would be a good idea go give the admin a right to switch to an user and to see their requests, etc ....

315
Views
0
Helpful
5
Replies