Security Settings

 

If enabled, a variety of further password-related items are made available for configuration, and password expiry and length limits are enforced.

 

If enabled, users must include a upper-case character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, users must include a lower-case character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, users must include a numeric character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, users must include a symbol-type character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

The number of days a password is valid for before it needs to be changed by the user.

 

This option is only available if Enforce Password Policy is enabled.

 

The minimum length of a password that can be set for users.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, users cannot reuse a recent password when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

How many failed login attempts a user can make before they are automatically temporarily locked out. It can range between 1 and 100 attempts.

 

How long (in minutes) a user will be locked out for if they trigger the automated lock for failed login attempts. It can range between 1 and 60 minutes.

 

Scripting will accept external connections from any hostnames specified in this list. If no options are configured or it has a value of *, then all originating hostnames are permitted (global whitelist).

 

Note: If using an SSO authentication scheme, then this option must either be a globally whitelisted or include the SSO's origin. Failure to do so will cause login attempts to be rejected as from an untrusted origin.

 

If enabled, then the login screen will offer the ability to request a password reset. This requires that the user has a configured email address, that the Email (Outgoing) settings are configured and accurate, and that the Message Processing service is active.

 

For security reasons, the user will be given no indication if they enter a non-existent username into the request. They will also see a notification that an email has been sent, even if it is waiting in the queue with non-functional mail credentials or a disabled Message Processing service.

 

If enabled, login details will be remembered following the next successful login.

 

If enabled, then login will only be allowed via Single Sign On. This option is only enforced if there is at least one Single Sign On connector that is currently active.