Help ELMA BPM Platform
×
Menu

Security Settings


The Security Settings unit contains the following subunits:
Fig. 1. Security Settings
To edit parameters in this unit, click , to the right of the unit header.
General Security Settings
In the General Security Settings unit (fig. 2) you can set up:
Fig. 2. Editing parameters in the Security Settings unit
Authenticated sessions – set up the duration of storing user sessions on the server.
Forbid users to edit security settings in their profiles:
Failed sign in attempts limit – the number of failed user sign in attempts. If a user exceeds this limit, signing in to the system will be locked, and an incorrect login and/or password notification will be displayed. To disable this parameter, set 0.
The warning about locking the user sign in to the system (fig. 3) will be displayed on the user profile page (fig. 3).
Fig. 3. User profile page. Notification on exceeding the failed sign in limit
Only users with permissions can unlock signing in to the system for a user. These permissions are assigned in Administration – Application Access Settings – Global Access Settings – Administration – Users Administration.
To unlock user sign in to the system, click Remove locking (fig. 3). After that, the user profile page will display a respective notification (fig. 4).
Fig. 4. User profile page. Notification about unlocking the user sign in
Sign in lock (minutes) – time, during which the user will not be able to sign in to the system. Note, that after this time, signing in will be unlocked automatically. To disable this setting, set the value to 0.
Period for resetting failed attempts counter (minutes) – number of minutes, after which the counter of failed sign in attempts will be reset to 0. To disable this setting, set the value to 0.
Notify about user sign in lock:
Fig. 5. Messages section. Notification on locking user sign in
Notified users – list of users who will receive a notification that signing in is locked for a user (fig. 5).
Authentication Type Settings
In the Authentication Type Settings unit (fig. 6), you can define the parameters of checking open key certificates.
Fig. 6. Editing Security Settings. Authentication Type Settings unit
Allow signing in by certificate:
Yes – additional settings for binding a certificate will be available in the user profile. After binding a certificate, the system sign in window will feature the Sign in by certificate button.
Additional settings will also be displayed in this unit:
If the Allow to sign in by certificate option is enabled, the Security Settings unit will have the Encryption Provider Settings subunit (fig. 6). To learn more about encryption provider settings, see the respective Help page.
Password Security for Built-in Accounts
In this unit (fig. 7), you can define the password policy for user accounts.
Fig. 7. Editing Security Settings. Password Security for Built-in Accounts unit
Minimum password length – defines the minimum number of characters in a password, chosen when adding a user account or changing the password. If you set 0, it will be possible to create an empty password or a password of any length.
Use complex password:
Forced password change at the first user sign in:
Periodicity of forced password change (days) – the number of days, after which a user has to change the password. Forced password change takes place every day after 2AM and 2PM, server time. Note, that the password change window is displayed only when signing in to the system or when an authenticated session expires. Authenticated sessions are configured in the General Security Settings. To disable periodic forced password change, set the value to 0.
Attention!
Forced password change settings are ignored when signing in with a certificate, and when users imported from external systems (LDAP, Active Directory) sign in.

Copyright © 2006–2019 ELMA