Security Settings
Password setting options can vary between Customer and User Accounts.
Some of the settings in this section operate independently from the Avaya IX™ Workspaces settings.
Administrative Access Level required to make changes is Partition Level.
To access the user or customer account settings:
- From the Administration menu, select Tools > All Settings.
- In the search box, type Password or Customer Account (or parts of the screen name) and press Enter.
- Continue with the appropriate account type settings:
Use the customer account settings to set the various security configurations.
Customer Account Password Lifetime
Use this setting to define the amount of time a password is valid before it expires.
- Maximum password age: Default is 60 days
Customer or User Account Password Complexity
Use this setting to define the password policy you want to enforce for all user passwords in the system. The values of this setting are defined as a regular expression. You can:
- test a password after defining the regular expression.
- change the message that you want to show to users when their passwords do not comply with the password policy.
- choose not to enforce a policy, by deleting the value of this setting.
The Password Complexity can be defined as Simple or Strong with prescribed default values or Custom. If you select Custom, the parameters are enabled allowing you to define the password requirements.
Default values for Password Complexity are:
| If Complexity is: | Simple | Strong | Custom |
|---|---|---|---|
| Requirements for complexity are: | Password is 8 to 64 characters | Password is 8 to 64 characters and with character requirements. | Select or define the desired password settings. |
| Character Set | All | All | Select All or Numbers Only. |
| Minimum Length | Default: 8 characters | Default: 8 characters | Default: 8 characters |
| Maximum Length | Default: 64 characters | Default: 64 characters | Default: 64 characters |
| Character Class (for details, see below) | N/A | Must include three or four of the following character types: lower case, uppercase, numbers or symbols. | Select option to define 2, 3, or 4 of the following: lowercase, uppercase, numbers or symbols. |
| User name validation required. This setting applies to User accounts. | Default: Yes | Default: Yes | Default: Yes |
Character Class
- Value options:
  - Must contain any 2 of the following uppercase, lowercase, numbers, symbol: Ensures the password contains at least two character types. For example, a number (0-9) and a lowercase character.
  - Must contain any 3 of the following uppercase, lowercase, numbers, symbol: Ensures the password contains at least three character types. For example, a number (0-9), a lowercase character and a symbol ( @ # $ % ^ & * - _ = + [ ] { } \ | : ; ( ) , ' / ? ' ` ~ " . ).
  - Must contain any 4 of the following uppercase, lowercase, numbers, symbol: Ensures the password contains all character types.
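The page says the complexity policy is stored as a regular expression but does not show one. As an added illustration (not Avaya's shipped expression, and assuming a regex engine with lookahead support such as Python's `re`), this example builds a single pattern for the length limits and the "any 2, 3 or 4 of" character class rule; `policy_regex` and `complies` are hypothetical names.

```python
import itertools
import re

# Symbols exactly as listed on this page; other punctuation is not counted.
SYMBOLS = "@#$%^&*-_=+[]{}\\|:;(),'/?`~\"."
CLASSES = {
    "lowercase": "[a-z]",
    "uppercase": "[A-Z]",
    "numbers": "[0-9]",
    "symbol": "[" + re.escape(SYMBOLS) + "]",
}


def policy_regex(min_classes, min_len=8, max_len=64, numbers_only=False):
    """Build one regex for 'length min..max and any N of the 4 classes'."""
    length = "{%d,%d}" % (min_len, max_len)
    if numbers_only:                      # Character Set: Numbers Only
        return "^[0-9]" + length + "$"
    # One alternative per way of choosing N classes; each alternative is a
    # run of lookaheads that must all succeed from the start of the string.
    alternatives = [
        "".join("(?=.*%s)" % cls for cls in combo)
        for combo in itertools.combinations(CLASSES.values(), min_classes)
    ]
    return "^(?:" + "|".join(alternatives) + ")." + length + "$"


def complies(password, min_classes, **options):
    """True when the password satisfies the generated policy regex."""
    return re.fullmatch(policy_regex(min_classes, **options), password) is not None


if __name__ == "__main__":
    # Constructed sample passwords, checked against Strong (any 3 of 4).
    for pw in ["correcthorse", "correct7horse", "Correct7horse", "C7#h"]:
        print(pw, complies(pw, 3))
```

Passing `min_classes=0` gives the Simple behaviour (length only), and `min_classes=3` matches the Strong default described in the table.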
Allow Users to Change Password
Use this setting to determine if users should be allowed to change their password from the Password tab in the Options window available in the user consoles.
- Default value: Yes
- Value options: Yes, No
The setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
Values include:
- Minimum Password Age: The minimum password age must be less than the maximum password age unless the maximum password age is set to 0 (never expire).
  - Default value: 1
  - Minimum: 0
  - Maximum: 998
- Maximum Password Age: To specify that passwords never expire, set the number of days to 0. If the maximum password age is set to 0, minimum password age can be any value between 0 and 998 days.
  - Default value: 1
  - Minimum: 0
  - Maximum: 999
Expiry warning (days)
- Expiry Warning (Days): Expiry warning messages are displayed on the sign-in screen. During the warning period, the following message is displayed: "Your password will expire in {n} days." After the password has expired, the following message is displayed: "Your password has expired and must be changed".
  - Default value: 7
  - Minimum: 1
  - Maximum: 30
Maximum Passwords Changes Per Day
Use this setting to determine the number of times a user's password can be changed within a single 24-hour period.
- Default value: 3
- Minimum: 1
- Maximum: 12
Customer or User Account Lockout
Use these settings to lock out bad actors that attempt to guess user passwords or use brute-force methods to gain access to the application. This setting can recognize sign-in attempts that come from valid users and treat them differently than attempts from attackers and other unknown sources, thus locking out attackers and allowing authenticated users the appropriate access.
Entering the same password repeatedly does not count as multiple unsuccessful logins. The accounts are locked based on the IP of the request and the passwords entered. The lockout counter resets to zero after a successful login when the account is not locked.
- Lockout Threshold: After a password is unsuccessfully used the number of times specified here, the account is locked for the time specified in the Lockout Threshold Duration setting. This continues for the first 10 attempts. After the first 10 attempts, the next lockout periods are slightly longer and increase in duration after every 10 lockout periods.
  - Default value: 10
  - Minimum: 1
  - Maximum: —
- Lockout Threshold Duration (seconds): After a password is unsuccessfully used the number of times specified in the Lockout Threshold setting, the account is locked for the time specified (in seconds) here.
  - Default value: 900
  - Minimum: 1
  - Maximum: —
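One reading of the counting rules above, as an added example (a model, not Avaya's implementation): distinct (IP, password) pairs are counted per account, so a user retyping the same wrong password adds nothing. `LockoutTracker` and its parameters are hypothetical names; the longer lockout periods after repeated lockouts are not modelled, and restarting the count after a lockout is an assumption.

```python
import hashlib
import hmac
import os


class LockoutTracker:
    """Counts distinct failed (IP, password) pairs per account."""

    def __init__(self, threshold=10, duration=900):
        self.threshold = threshold        # Lockout Threshold
        self.duration = duration          # Lockout Threshold Duration (seconds)
        self._key = os.urandom(32)        # keyed hash: guesses never stored in clear
        self._failed = {}                 # account -> {(ip, fingerprint), ...}
        self._locked_until = {}           # account -> unlock time (seconds)

    def _fingerprint(self, password):
        return hmac.new(self._key, password.encode(), hashlib.sha256).digest()

    def attempt(self, account, ip, password, credentials_ok, now):
        """Record one sign-in attempt; returns 'ok', 'failed' or 'locked'."""
        if now < self._locked_until.get(account, 0):
            return "locked"               # even a correct password is refused
        if credentials_ok:
            self._failed.pop(account, None)   # counter resets on success
            return "ok"
        seen = self._failed.setdefault(account, set())
        seen.add((ip, self._fingerprint(password)))  # repeats add nothing
        if len(seen) >= self.threshold:
            self._locked_until[account] = now + self.duration
            seen.clear()                  # assumption: count restarts after a lockout
            return "locked"
        return "failed"


if __name__ == "__main__":
    # Constructed attempts against a low threshold so the lockout is visible.
    tracker = LockoutTracker(threshold=3, duration=900)
    for t, guess in enumerate(["guess-one", "guess-one", "guess-two", "guess-three"]):
        print(t, guess, tracker.attempt("alice", "198.51.100.7", guess, False, t))
```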
Idle User (Minutes)
Use this setting to specify the number of minutes of user inactivity that is allowed to pass before the user is automatically signed out of the application.
- Access level: Partition settings
- Default value: 15
- Minimum: 5
- Maximum: 30
Auto Disable Users (Days)
Use this setting to specify the number of days allowed to pass before an inactive user's account is automatically disabled. The setting timer is reset if the user signs into the application within the specified amount of time. Default: Any account idle for 90 days is disabled.
- Access level: Partition settings
- Default value: 90
- Minimum: 1
- Maximum: 1095
Common Security Settings
Customer Departmentalization
Use this setting to decide if customers should be shared across departments. Enable this setting if you do not want to share customer history and customer information across departments.
This setting can only be changed while there is one department in the partition. As soon as the second department is created in the partition, the setting becomes disabled and cannot be changed.
- Access Level: Partition settings
- Default value: No
- Value options: No, Yes
Department Security Settings
The following settings can be configured at the department level. For more information about each setting, see General Department Settings.
- Login Name Minimum Length
- Display a Warning Message to Agents for PCI Compliance