Security

 

Authentication

Login

Account enabled

Use this as a master switch to enable/disable a user or a domain.

Max failed login attempts for user(s)

This setting throttles login attempts for the user(s) by limiting the maximum number of attempts in a given time period. All further login attempts are rejected until the oldest login attempt expires (sliding time window). The time period is specified by the "Max failed login attempts period in seconds" setting. 

Max failed login attempts from IP address

This setting throttles login attempts from one IP address by limiting the maximum number of login attempts in a given time period. All further login attempts are rejected until the oldest login attempt expires (sliding time window). The time period is specified by the "Max failed login attempts period in seconds" setting. 

Max failed login attempts period in seconds

Set the time period in which each failed login attempt will count towards the maximum failed login attempts.
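
The sliding time window described by the three settings above, as an added example (not the product's own code). The class and function names are hypothetical. It assumes that only failed attempts are counted, that an attempt is rejected once the number of failures in the window has reached the maximum, and that a failure expires exactly "period" seconds after it was recorded.

```python
from collections import deque


class FailedLoginThrottle:
    """Sliding-window limiter applied per user name and per source IP."""

    def __init__(self, max_per_user, max_per_ip, period_seconds):
        self.limits = {"user": max_per_user, "ip": max_per_ip}
        self.period = period_seconds
        self.failures = {}  # (kind, value) -> deque of failure timestamps

    def _count(self, key, now):
        window = self.failures.get(key)
        # Expire failures older than the period; the oldest is on the left.
        while window and now - window[0] >= self.period:
            window.popleft()
        if not window:
            self.failures.pop(key, None)  # do not keep empty per-key state
            return 0
        return len(window)

    def is_allowed(self, user, ip, now):
        keys = (("user", user), ("ip", ip))
        return all(self._count(k, now) < self.limits[k[0]] for k in keys)

    def record_failure(self, user, ip, now):
        for key in (("user", user), ("ip", ip)):
            self.failures.setdefault(key, deque()).append(now)


def replay(throttle, attempts):
    """Run (time, user, ip, password_ok) tuples; return one outcome each."""
    outcomes = []
    for now, user, ip, password_ok in attempts:
        if not throttle.is_allowed(user, ip, now):
            outcomes.append("throttled")  # rejected even if the password is right
        elif password_ok:
            outcomes.append("ok")
        else:
            throttle.record_failure(user, ip, now)
            outcomes.append("failed")
    return outcomes


IP = "203.0.113.7"  # constructed sample data (documentation address range)
ATTEMPTS = [(0, "alice", IP, False), (10, "alice", IP, False),
            (20, "alice", IP, False), (30, "alice", IP, True),
            (31, "bob", IP, False), (32, "carol", IP, False),
            (33, "dave", IP, True), (59, "alice", IP, True),
            (60, "alice", IP, True)]
```

Replaying ATTEMPTS with limits of 3 per user and 5 per IP over 60 seconds shows a correct password being rejected while the window is full, and accepted again at second 60 when the failure from second 0 expires.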


Two-factor Authentication

Login without configured Two-Factor Authentication

Disabling this option will force Two-Factor Authentication for the user(s). This will require the user(s) to configure Two-Factor Authentication on their next login attempt if they do not have at least one Two-Factor Authentication method set. 

"Don't ask again on this device" option for 2-Factor authentication

Disabling this option will remove the "Don't ask again on this device" checkbox from the GUI, and the user(s) will no longer be able to skip Two-Factor Authentication on any devices. 


Password

Change password

When this setting is enabled, user(s) can change their password in "Profile". Disable this setting if you wish to prevent users from changing their password. Warning: enabling either the "Require password change" or "Password expiration interval" setting will prompt the user to change their password on the next login, but they will be unable to do so if this setting is disabled. This combination may lock user(s) out of their account.

Minimum password length

User passwords shorter than the selected value will be rejected by the system. This requirement can be disabled by setting the value to "0". Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change.

Maximum password length

User passwords longer than the selected value will be rejected by the system. This requirement can be disabled by setting the value to "0". Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change.

List of custom special characters

The value for this setting is a string containing special characters that should appear in a user's new password. The number of required special characters is set by the "Minimum number of custom special characters required in passwords" setting. Setting this to an empty string will disable the special characters requirement. Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change. 

Minimum number of custom special characters required in passwords

This setting specifies the minimum number of special characters required in users' new passwords. The list of special characters can be set using the "List of custom special characters" setting. This requirement can be disabled by setting the value to "0". Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change. 

Minimum number of uppercase characters required in passwords

This setting specifies the minimum number of uppercase characters required in users' new passwords. This requirement can be disabled by setting the value to "0". Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change. 

Minimum number of lowercase characters required in passwords

This setting specifies the minimum number of lowercase characters required in users' new passwords. This requirement can be disabled by setting the value to "0". Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change. 

Minimum number of digit characters required in passwords

This setting specifies the minimum number of digit characters (0, 1, 2, ..., 9) required in users' new passwords. This requirement can be disabled by setting the value to "0". Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change.

Allow passwords to start or end with whitespace

When this setting is enabled, users' new passwords may start or end with a whitespace character (" ", "\n", ...); otherwise, such passwords are rejected by the system. Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change.

Allow passwords from password_blacklist.txt

When this setting is disabled, users' new passwords are checked against a database of blacklisted passwords (which is set by the system administrator) meant to prevent passwords that are too common/basic. If a user's new password is blacklisted, they are shown the following message: "Password considered too weak. Please choose a stronger password." Changing the setting value does not affect any existing user passwords and is only applied on a user's next password change.
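
How the password rules above combine when a new password is checked, as an added example (not the product's own code). The policy keys, the function name and the sample blacklist entries are hypothetical. It assumes the blacklist comparison is exact and case-sensitive, and it counts only the ASCII digits 0 to 9, as the digit setting describes.

```python
ASCII_DIGITS = "0123456789"

# Constructed policy values; the keys are hypothetical names for the settings.
POLICY = {
    "min_length": 10, "max_length": 64,
    "special_chars": "!@#$%", "min_special": 1,
    "min_upper": 1, "min_lower": 1, "min_digits": 2,
    "allow_edge_whitespace": False,
    "allow_blacklisted": False,
}
# Constructed stand-in for the contents of password_blacklist.txt.
BLACKLIST = {"Password123!", "Welcome2024!"}


def check_new_password(password, policy=POLICY, blacklist=BLACKLIST):
    """Return the violated rules; an empty list means the password is accepted."""
    errors = []

    def at_least(rule, count, minimum):
        if minimum > 0 and count < minimum:  # a value of 0 disables the rule
            errors.append(rule)

    if policy["min_length"] and len(password) < policy["min_length"]:
        errors.append("too_short")
    if policy["max_length"] and len(password) > policy["max_length"]:
        errors.append("too_long")
    specials = policy["special_chars"]
    if specials:  # an empty list disables the special-character rule
        at_least("special", sum(c in specials for c in password),
                 policy["min_special"])
    at_least("uppercase", sum(c.isupper() for c in password), policy["min_upper"])
    at_least("lowercase", sum(c.islower() for c in password), policy["min_lower"])
    # str.isdigit() would also accept non-ASCII digits, so compare explicitly.
    at_least("digits", sum(c in ASCII_DIGITS for c in password),
             policy["min_digits"])
    if not policy["allow_edge_whitespace"] and password != password.strip():
        errors.append("edge_whitespace")
    if not policy["allow_blacklisted"] and password in blacklist:
        errors.append("blacklisted")
    return errors
```

The check runs only when a password is set or changed, which matches the note that changing a setting does not affect existing passwords.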

Require password change

After setting this to "Yes", the user will be asked to change their password on their next login. The setting is reset to "No" after the user has changed their password. 



Session Management

User Sessions

View own session

When this setting is enabled, the user can list and query their own sessions.

Control own session

When this setting is enabled, the user can terminate their own sessions. Please note that the "View own sessions" setting also needs to be enabled. 


Domain Sessions

View domain sessions

When this setting is enabled, the user can list and query sessions in their own domain.

Control domain sessions

When this setting is enabled, the user can terminate sessions in their own domain. Please note that the "View domain sessions" setting also needs to be enabled.

