Changes

Password Policy

578 bytes removed, 19:21, 26 June 2019
<pre style="white-space: -o-pre-wrap; word-wrap: break-word;">&lt;!--@sslogic('@langid@'='2')-->&lt;br>@system.Password Policy - French@&lt;!--@else-->&lt;br>@system.Password Policy@&lt;!--@end--></pre>
===Intruder Lockout Settings and Intruder Email Alert ===
The third tab in '''Password and Activation Policies''', called '''Intruder Alert Settings''', determines the actions that should be taken if someone attempts to log into your copy of [[SmartSimple]] but cannot provide accurate credentials.
:: [[File:Intruder alert settings new.png|600px|border]]
{| class="wikitable"
|-
||'''Number of Attempts'''
||Enter a number from 1-32 that will denote the number of times someone can ''attempt'' to log in with an account (that is, with an incorrect password) before that account is locked.
|-
||'''Lockout Duration'''
||
Select from a number of options the duration of the account lockout. Within this period, the user will have no ability to log in, even if their credentials are correct.
* Options: 5 minutes, 15 minutes, 20 minutes, 1 hour, 3 hours, 12 hours, 24 hours or Forever
* '''Note:''' If the '''Forever''' option is selected for the lockout duration, the user will have no access to log in ''until'' manually unlocked by the [[Global User Administrator|System Administrator]].
|}
The latter half of this page has the heading '''Intruder Email Alert'''. Using a default template, it allows you to customize the email alert sent when someone has been locked out because of intruding attempts.
{| class="wikitable"
|-
||'''Email From'''
||The From Address for the email alert. If you do not manually set this value, then the address '''donotreply@smartsimple.com''' will be used.
|-
||'''Email To'''
||
Select the [[Internal]] people to receive the email alert. Click the '''binoculars icon''' for a full list of internal staff, from which you can select who to send the email alert to.
* '''Note:''' The Default Template will use the [[Organization hierarchy#Organization Ownership|primary contact]] of the [[The Root Company|root organization]] to populate the '''Email To''' field.
|-
||'''Subject'''
||The subject of the email.
|-
||'''Body'''
||See '''Sample Template - '''
|}

===Rules for Password Activation Settings===
When a company has password settings configured, then these will be used in full.

When a company does not have password settings configured, the system will go up the Organizational hierarchy until it finds a parent company with password settings configured and then use these settings.

NOTE: When a company does not have password settings configured at all, it will display informational text at the top saying it has not been configured.

The following rules apply to the above settings when a '''new user is sent their password for the first time''':

* If the Activation settings have a default security code but no challenge questions, the user will be prompted to enter the default security code.
* If the Activation settings have a default security code and challenge questions, the user will be prompted to enter the default security code and then taken to a second screen to define an answer to one of the Challenge questions. The user can then go to User Profile and access the Change Password page to view and update their stored challenge question and answer.
* The user will be presented with [[CAPTCHA]] validation in all cases.
 
The following rules apply to the above settings when an '''existing user requests a new password''':
 
* If a default security code has been entered and no challenge questions have been entered, the user will be prompted to enter the default security code.
* If a default security code has been entered and challenge questions have been entered, the user will only be prompted to answer a challenge question.
* The user will be presented with [[CAPTCHA]] validation in all cases.
 
After successful completion of Password Activation, the user will be logged in and their new password will be active.
 
===Intruder Lockout Settings===
[[image:password-006.png]]
 
These settings determine the actions that should be taken if someone attempts to log into your copy of [[SmartSimple]].
 
* '''Number of Attempts''' – the number of attempts to log in with an account before the account is locked.
 
* '''Lockout Duration''' – the duration of the account lockout. The [[User|user]] will not be able to log in during this period. Period can be set to 5 minutes, 15 minutes, 30 minutes, 1 hour, 3 hours, 12 hours, 24 hours or forever (until unlocked by [[Administrator|administrator]]).
* '''Lockout Message''' - a custom message to display to users when a user is locked out due to too many failed login attempts. This message will only display when a user has been locked out, and attempts to log in again with the correct password. Therefore, no information will be divulged to users that fail their login.
* If a user is locked, you can click on the '''Set Password''' button on the '''View Locked Users''' tab to reactivate the account and send the [[User|user]] a new [[Password|password]].
 
* ''Once an account has been locked for exceeding the number of permitted login attempts it will remain on the "locked users" list until the correct password is entered. This allows the administrator to see which users have been unable to log in, even if the configured lockout duration has passed and the account is no longer technically locked.''
* ''When an account has been locked for exceeding the allotted number of attempts, after the lockout time has passed they are permitted only one attempt at the correct password. A single incorrect password at this point will re-lock the account for the configured lockout duration. In other words, once someone is on the "locked user" list they are only permitted a single wrong attempt and they will be locked for the lockout duration again. This prevents would-be intruders from having multiple attempts to guess the password each time the lockout duration has passed.''

===Password Reset Message===
[[image:password-005.png]]

This feature provides the ability to overwrite the standard Password Reset message with a custom message for your organization.
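
The lockout rules listed under Intruder Lockout Settings above can be modelled as a small state machine. The following is an added example, not SmartSimple code: the class and function names, the return strings, the plaintext password field and the use of an infinite duration for "Forever" are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    password: str                         # plaintext only to keep the model short
    failures: int = 0
    locked_until: Optional[float] = None  # None = no lock, float("inf") = "Forever"
    on_locked_list: bool = False          # what "View Locked Users" would show

class LockoutPolicy:
    def __init__(self, max_attempts: int, duration_s: float, message: str):
        if not 1 <= max_attempts <= 32:   # range given for Number of Attempts
            raise ValueError("Number of Attempts must be 1-32")
        self.max_attempts, self.duration_s, self.message = max_attempts, duration_s, message

    def is_locked(self, acct: Account, now: float) -> bool:
        return acct.locked_until is not None and now < acct.locked_until

    def login(self, acct: Account, supplied: str, now: float) -> str:
        correct = hmac.compare_digest(supplied.encode(), acct.password.encode())
        if self.is_locked(acct, now):
            # Lockout Message appears only with the correct password, so a
            # guesser cannot tell a locked account from a wrong password.
            return self.message if correct else "Login failed"
        if correct:
            acct.failures, acct.locked_until, acct.on_locked_list = 0, None, False
            return "OK"
        acct.failures += 1
        # Accounts still on the locked list get a single attempt, not a fresh budget.
        if acct.on_locked_list or acct.failures >= self.max_attempts:
            acct.failures, acct.on_locked_list = 0, True
            acct.locked_until = now + self.duration_s
        return "Login failed"

def walk_through() -> list:
    """Constructed timeline: 3 attempts allowed, 5-minute lockout."""
    policy = LockoutPolicy(3, 300, "Account locked")
    acct = Account(password="correct horse")
    out = [policy.login(acct, "guess", t) for t in (0, 1, 2)]  # third failure locks
    out.append(policy.login(acct, "correct horse", 10))  # locked: message shown
    out.append(policy.login(acct, "guess", 400))         # lock expired, one try, re-locks
    out.append(policy.is_locked(acct, 401))
    out.append(policy.login(acct, "correct horse", 800)) # clears the locked list
    out.append(acct.on_locked_list)
    return out

if __name__ == "__main__":
    print(walk_through())
```
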
===Intruder Email Alert===
These settings define who should be informed by email if an intruder alert is detected. A default email template is used and contains the following values:
 
[[File:10-12-2016 1-15-24 PM.png]]
The Default template uses the primary contact on the root company record to populate the '''Email To'''.