The Security section provides features relating to user authentication, application access, and Single Sign On. Options configured here will affect the entire system.
Enforce Password Policy
If enabled, a variety of further password-related items are made available for configuration, and password expiry and length limits are enforced.
How long (in minutes) a user will be locked out for if they trigger the automated lock for failed login attempts. It can range between 1 and 60 minutes.
Scripting will accept external connections from any hostnames specified in this list. If no options are configured or it has a value of *, then all originating hostnames are permitted (global whitelist).
Note: If using an SSO authentication scheme, then this option must either be a globally whitelisted or include the SSO's origin. Failure to do so will cause login attempts to be rejected as from an untrusted origin.
If enabled, then the login screen will offer the ability to request a password reset. This requires that the user has a configured email address, that the Email (Outgoing) settings are configured and accurate, and that the Message Processing service is active.
For security reasons, the user will be given no indication if they enter a non-existent username into the request. They will also see a notification that an email has been sent, even if it is waiting in the queue with non-functional mail credentials or a disabled Message Processing service.
If enabled, then login will only be allowed via Single Sign On. This option is only enforced if there is at least one Single Sign On connector that is currently active.
