User Account Settings

Allow Users to Change Password

Use this setting to determine if users should be allowed to change their password from the Password tab in the Options window available in the user consoles.

  • Access level: Partition settings

  • Default value: Yes

  • Value options: Yes, No

Idle User (Minutes)

Use this setting to specify the number of minutes of user inactivity that is allowed to pass before the user is automatically signed out of the application.

  • Access level: Partition settings 

  • Default value: 15

  • Minimum: 5

  • Maximum: 30

Auto Disable Users (Days)

Use this setting to specify the number of days allowed to pass before an inactive user's account is automatically disabled. The setting timer is reset if the user signs into the application within the specified amount of time.

  • Access level: Partition settings 

  • Default value: 60

  • Minimum: 1

  • Maximum: 1095

Allow Local Login for Partition Administrators

This setting helps determine whether partition administrators should only be able to log in to the application through the SSO authentication methods, or if they can log in to the application locally as well. Select Yes to enable local login, No to disable.

  • Access level: Partition settings

  • Default value: Yes

  • Value options: Yes, No

Password Complexity

Use this setting to define the password policy you want to enforce for all user passwords in the system. The values of this setting is defined as a regular expression. You can test a password after defining the regular expression. You can also change the message that you want to show to users when their passwords do not comply with the password policy. If you do not wish to enforce a policy, you can delete the value of this setting.

  • Access Level: Partition settings

  • Default value: Simple

  • Value options:

    • Simple: A password that is at least 8 to 64 characters.

    • Strong: A password that is at least 8 to 64 characters. The password must include three of four types of characters listed here lowercase, uppercase, numbers, or symbols.

    • Custom: This option allows configuring a custom password length. It also allows accepting number-only passwords (pins). Upon selecting this option, the following fields become available for password complexity.

Character Set

  • Value options:

    • Numbers only: Allows digits only (0-9) while entering a password.

    • All: Allows any letter, number, or symbol.

Minimum Length

  • Default value: 8

  • Minimum: 4

  • Maximum: No greater than the Maximum length.

Maximum Length

  • Default value: 64

  • Minimum: Greater than or equal to the Minimum length.

  • Maximum: 64

Character Classes Required

  • Value options:

    • Must contain any 2 of the following uppercase, lowercase, numbers, symbol: Ensures the password contains at least two character types. For example, a number (0-9) and a lowercase character.

    • Must contain any 3 of the following uppercase, lowercase, numbers, symbol: Ensures the password contains at least three character types. For example, a number (0-9), a lowercase character and a symbol ( @ # $ % ^ & * - _ = + [ ] { } \ | : ; ( ) , ' / ? ' ` ~ " . ).

    • Must contain any 4 of the following uppercase, lowercase, numbers, symbol: Ensures the password contains all character types.

User name validation Required

  • Default value: Yes

  • Value options: Yes, No 

Account Lockout

Use these settings to lock out bad actors that attempt to guess user passwords or use brute-force methods to gain access to the application. This setting can recognize sign-in attempts that come from valid users and treat them differently than attempts from attackers and other unknown sources, thus locking out attackers and allowing authenticated users the appropriate access.

Entering the same password repeatedly does not count as multiple unsuccessful logins. The accounts are locked based on the IP of the request and the passwords entered. The lockout counter resets to zero after a successful login when the account is not locked.

Lockout Threshold

After a password is unsuccessfully used the number times specified here, the account is locked for the time specified in the Lockout Threshold duration setting. This continues for the first 10 attempts. After the first 10 attempts, the next lockout periods are slightly longer and increase in duration after every 10 lockout periods.

  • Access level: Partition settings

  • Default value: 10

  • Minimum: 1

  • Maximum:

Lockout Threshold Duration (seconds)

After a password is unsuccessfully used the number times specified in the Lockout Threshold setting, the account is locked for the time specified (in seconds) here.

  • Access level: Partition settings

  • Default value: 60

  • Minimum: 1

  • Maximum: —

Password Lifetime

The setting determines the period of time (in days) that a password can be used before the system requires the user to change it. 

Minimum password age

The minimum password age must be less than the maximum password age unless the maximum password age is set to 0 (never expire).

  • Access level: Partition settings 

  • Default value: 1

  • Minimum: 0

  • Maximum: 998

Maximum password age

To specify that passwords never expire, set the number of days to 0. If the maximum password age is set to 0, minimum password age can be any value between 0 and 998 days.

  • Access level: Partition settings 

  • Default value: 1

  • Minimum: 0

  • Maximum: 999

Expiry warning (days)

Expiry warning messages are displayed on the sign-in screen. During the warning period, the following message is displayed: "Your password will expire in {n} days." After the password has expired, the following message is displayed: "Your password has expired and must be changed'.

  • Access level: Partition settings 

  • Default value: 7

  • Minimum: 1

  • Maximum: 30