Many data security and privacy regulations apply to organizations using Adobe Campaign. In addition to complying with state-mandated regulations, organizations also choose to implement the ISO/IEC 27001 global security standard as a best practice. ISO-27001/27002, a supplement to this standard, recommends forcing password reset at periodic intervals. Since Adobe Campaign usually has plenty of operators, identifying and resetting each password can be a tedious task. Let me show you how to reset operator passwords at one go using Adobe's SOAP methods.

Adobe Campaign operators or users are listed and managed using the xtk:operator schema. We can leverage this schema to build a workflow and automate the process.

Adobe Campaign Password Reset Workflow

This is the workflow we are going to follow:

Fig. 1. The workflow for resetting passwords in Adobe Campaign

These are the Adobe Campaign activities we'll be working with:

  • Query activity - To fetch the operators based on Password Expiry
  • Enrichment activity - To generate random passwords for each operator
  • JavaScript - To update passwords in operator schema
  • Continuous delivery activity - To notify operators whose passwords have been changed

Now let's configure.

Query Activity

The query activity will fetch operators whose passwords have expired the previous day. First, choose xtk:operator schema in the ‘Targeting and filtering dimension’ of the query. Next, add the necessary filtering conditions to find the operators. 

Let me show you how I’m going to reset the passwords of the admin team (Fig. 1). These passwords are stored in ‘Folder1’ and have not been modified in the past six months. You can add additional conditions based on the operator folder, access rights, operator name prefix, and so on. You can also group different conditions inside the query and provide different expiry duration for each group. It all depends on your requirement.

Setting query conditions in Adobe Campaign
Fig. 2. Setting query conditions

Execute the query and check whether the expected operators are showing up in the outbound transition. You can do this by right-clicking the transition and selecting Display the target. If the query results are in order, you can move to the next step.

Enrichment Activity

The purpose of this activity is to generate random passwords for each operator. You can apply a logic based on your convenience or requirement to generate the passwords. In this example, I’m going to add a random number to the name of the operator.

Select the “Name” column from the targeting dimension and add a new field labeled “Operator Password.” Use the expression editor of the new password field to set up the password creation logic. The expression defined in Fig. 3 uses the Random() function of Adobe Campaign to generate a random number. Since we can’t be sure that the random number generated is unique, we should append some other information like the operator primary key, part of a username, or unique field.

Enrichment activity in Adobe Campaign
Fig. 3. Adding expression in enrichment

The expression for password is:

[target/@name]+Substring(''+Random(), 6, 4)

Remember to set the alias as ‘new_pwd’ (or any name you prefer). This name will be used in our JavaScript code and the notification emails.

JavaScript Activity

The JavaScript activity is used to query the records we get in the transition and reset operator passwords one by one. 

We will use the xtk.queryDef schema methods (Create and ExecuteQuery) to fetch the data coming in the transition and then use the ResetPassword function. 

First, we need to call the generic method ‘create’ on the queryDef schema to create a new query object with the schema name and query conditions. To set the schema name, use the variable vars.targetSchema. This is a default event variable that the Query activity transmits. We use this variable to identify the inbound transition from which we need to fetch data. 

Set the operation on the querydef as ‘Select’ and list out the nodes that you need to reset the password. Here, we’ll just take the name and password columns from the inbound transition. If you need additional columns for your operation, add new nodes under the select tag with the respective column names as we did for name and password (see code below).

var schemaName = vars.targetSchema.substr(vars.targetSchema.indexOf(":") + 1); 
var query = xtk.queryDef.create( 
 <queryDef schema={vars.targetSchema} operation="select"> 
   <select> 
     <node expr="@name"/>
     <node expr="new_pwd"/>  
   </select> 
 </queryDef> 
); 

After creating the query object, execute the query using the ExecuteQuery() function associated with the xtk:querydef schema. ExecuteQuery will return the result of the query operation. We can store it in a variable called ‘result’ (see below snippet) and iterate through the result object. 

During each iteration, we reset the password of a user with the new password. The ResetPassword function under NLWS.xtkOperator schema takes the username and the new password as parameters. If you need to do any other manipulation to the password string, you can do it here. See the ‘for loop’ to understand how to fetch values from the result object.

var result = query.ExecuteQuery();
 
for each (var e in result) {
  NLWS.xtkOperator.ResetPassword( e.@name, e.new_pwd );  
}

Continuous Delivery Activity

The next step in our process is to inform users of the password change. 

We will use the continuous delivery activity for this. Create an email template and set up the content in HTML source (see Fig. 4). Prepare it with all the personalizations you need. Then select that template in the continuous delivery activity.

Email delivery in Adobe Campaign
Fig. 4. Email template

You can access the user name and the random password generated for the operator from the target extension section of the personalization field dropdown.

Selecting email personalization fields in Adobe Campaign fields
Fig. 5. Personalization fields

There is one more important step required for email delivery to happen. The default setting of delivery targets would be for Recipient schema records. You need to change the selection to xtk:operator. This allows us to send emails to Adobe Campaign users.

Target mapping selection in Adobe Campaign
 Fig. 6. Selecting target mapping

That’s it. Now those users who match the query condition will receive an email with their new password. 

Note: Send a reminder mail to users a few days prior to resetting their passwords; that way, the password reset won’t come as a surprise to them. You can use logic similar to the password reset workflow to send one or two reminders before the password expiry date.

Conclusion

Resetting passwords in Adobe Campaign as recommended by security standards may seem like a chore but it needn’t be if you can automate the process as described in this blog post. This will save you a lot of effort and time and keep you in compliance with a security best practice.