The Security Settings unit contains the following subunits:
Fig. 1. Security Settings
To edit parameters in this unit, click the icon to the right of the unit header.
General Security Settings
In the General Security Settings unit (fig. 2) you can set up:
- user session storage on the server;
- user sign in to the system and notifications on exceeding the failed attempts limit.
Fig. 2. Editing parameters in the Security Settings unit
Authenticated sessions – set up the duration of storing user sessions on the server.
- Changing the Suspend if no response in parameter lets you manage how long a user occupies a license. This parameter works for licenses of any type. The minimum value is 3 minutes.
- For more efficient management of licenses, you can use the Delete if no response in parameter. If Web Application is opened in a web browser, a response is generated automatically every minute, regardless of the user's activity in the system. However, the system monitors the user's actions separately, which frees up the licenses of users who have not worked in the system for a long time.
- By default, the Delete if a user is inactive for parameter is disabled. To enable it, check the box in this field and specify the inactive time, after which the user session must be deleted.
- If concurrent licenses are activated on the server and you check the Delete if a user is inactive for box, an additional setting, Additionally delete for named licenses in, appears below. This setting defines the inactive time, after which the session for named licenses must be deleted.
Forbid users to edit security settings in their profiles:
- Yes – working with the Security unit and the Trusted devices for signing in in the user profile will be unavailable. The Security unit will not be displayed and the Trusted devices for signing in will not feature the Edit button.
Failed sign in attempts limit – the number of failed user sign in attempts. If a user exceeds this limit, signing in to the system will be locked, and an incorrect login and/or password notification will be displayed. To disable this parameter, set 0.
The warning about locking the user sign in to the system will be displayed on the user profile page (fig. 3).
Fig. 3. User profile page. Notification on exceeding the failed sign in limit
To unlock user sign in to the system, click Remove locking (fig. 3). After that, the user profile page will display a respective notification (fig. 4).
Fig. 4. User profile page. Notification about unlocking the user sign in
Sign in lock (minutes) – time during which the user will not be able to sign in to the system. Note that after this time, signing in will be unlocked automatically. To disable this setting, set the value to 0.
Period for resetting failed attempts counter (minutes) – number of minutes, after which the counter of failed sign in attempts will be reset to 0. To disable this setting, set the value to 0.
Notify about user sign in lock:
- Yes – the notified user will receive a notification in the messages section when the limit of failed sign in attempts is reached (fig. 5);
- No – a notification will not be sent.
Fig. 5. Messages section. Notification on locking user sign in
Notified users – list of users who will receive a notification that signing in is locked for a user (fig. 5).
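The three lockout parameters above (Failed sign in attempts limit, Sign in lock, Period for resetting failed attempts counter) interact, so the following added example, which is not ELMA code, models them as a small state machine you can replay a timeline of failed attempts against. Assumptions: the lock triggers when the limit is exceeded, the reset period is measured from the last failed attempt, a Sign in lock of 0 means no automatic unlock, and unlocking clears the counter; all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    failed_limit: int   # Failed sign in attempts limit; 0 disables locking
    lock_minutes: int   # Sign in lock (minutes); 0 = no automatic unlock (assumption)
    reset_minutes: int  # Period for resetting failed attempts counter; 0 = no timed reset

class Account:
    """Lock state of one account; 'now' values are minutes on a monotonic clock."""
    def __init__(self, policy):
        self.policy = policy
        self.failed = 0
        self.last_failure = None
        self.locked_at = None

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        if self.policy.lock_minutes and now - self.locked_at >= self.policy.lock_minutes:
            self.remove_locking()   # lock time elapsed: unlocked automatically
            return False
        return True

    def remove_locking(self):
        """Manual 'Remove locking' action; clearing the counter is an assumption."""
        self.failed, self.last_failure, self.locked_at = 0, None, None

    def failed_sign_in(self, now):
        """Record one failed attempt; return True if the account is locked afterwards."""
        p = self.policy
        if self.is_locked(now):
            return True             # rejected while locked, not counted
        if p.failed_limit == 0:
            return False            # locking disabled
        if (p.reset_minutes and self.last_failure is not None
                and now - self.last_failure >= p.reset_minutes):
            self.failed = 0         # counter reset after the quiet period
        self.failed += 1
        self.last_failure = now
        if self.failed > p.failed_limit:    # "exceeds this limit" (assumed reading)
            self.locked_at = now
        return self.locked_at is not None

def replay(policy, failure_times):
    """Replay constructed failure timestamps; return the lock state after each one."""
    acct = Account(policy)
    return [acct.failed_sign_in(t) for t in failure_times]
```

Replaying the same timeline against a candidate policy before applying it shows whether a short reset period or a disabled lock time leaves the account effectively unthrottled or locked until an administrator intervenes.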
Authentication Type Settings
In the Authentication Type Settings unit (fig. 6), you can define the parameters for checking public key certificates.
Fig. 6. Editing Security Settings. Authentication Type Settings unit
Allow signing in by certificate:
Yes – additional settings for binding a certificate will be available in the user profile. After binding a certificate, the system sign in window will feature the Sign in by certificate button.
Additional settings will also be displayed in this unit:
- Default Authentication Encryption Provider – select an encryption provider that will be used for signing in to the system. By default, the following encryption providers are available: Internal and CSP CryptoPro.
- Allow signing in with the default certificate only:
  - No – selecting a default certificate will not be possible.
If the Allow to sign in by certificate option is enabled, the Security Settings unit will have the Encryption Provider Settings subunit (fig. 6). To learn more about encryption provider settings, see the respective Help page.
Password Security for Built-in Accounts
In this unit (fig. 7), you can define the password policy for user accounts.
Fig. 7. Editing Security Settings. Password Security for Built-in Accounts unit
Minimum password length – defines the minimum number of characters in a password, chosen when adding a user account or changing the password. If you set 0, it will be possible to create an empty password or a password of any length.
Use complex password:
- Yes – a password must include lowercase and uppercase letters, numbers and special characters. If password complexity is not observed, you will see a warning when adding a user account or changing a password;
- No – a password may contain any characters.
Forced password change at the first user sign in:
- Yes – the password can be changed the first time a user signs in to the system. When a user signs in for the first time, an authentication window for changing the password will be displayed;
- No – changing the password at the first sign in will not be possible.
Periodicity of forced password change (days) – the number of days after which a user has to change the password. Forced password change takes place every day after 2 AM and 2 PM, server time. Note that the password change window is displayed only when signing in to the system or when an authenticated session expires. Authenticated sessions are configured in the General Security Settings. To disable periodic forced password change, set the value to 0.
Copyright © 2006–2019 ELMA