Best Practice for CRM administrator password

  • Question

  • What is the best practice for CRM Administrator Password? Should it be set to "Never Expire" or not?

    Is there any article related to this topic? I tried searching but nothing was mentioned for this part.

    Friday, October 3, 2014 10:53 AM

Answers

  • Hi,

    We have a service account created that is given administration rights in CRM. The password for this service ID is stored in the CyberArk password vault (http://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/).

    When an administrator has to use this account (user management is done by the help desk, with a copied system administrator role into a new role, and their account has only an administrative license), there is an approval cycle needed before the temporary password is checked out of CyberArk; this password expires after a predetermined time. This account is our fail-safe against deactivating all system administrators or when the user with system administrator is not available at a point of time.

    We also have enabled auditing on system user, so any BU/team/security role change is audited.

    Best practice for any password is to set it to expire after 90 days and enforce policies for complexity and to prevent recycling of passwords.

    HTH,

    Jithesh.K

    • Marked as answer by SohaNasr Sunday, December 13, 2015 2:32 PM
    Friday, October 3, 2014 11:49 AM