Changes

Password Policy

12 bytes added, 13:41, 6 October 2017
no edit summary
word-wrap: break-word;">&lt;!--@sslogic('@langid@'='2')-->&lt;br>@system.Password Policy - French@&lt;!--@else-->&lt;br>@system.Password Policy@&lt;!--@end--></pre>
 
===Hierarchical Password Policy===
 
When viewing a company in your hierarchy, select '''Settings > Password Policy''' to define. <br/><br/>
 
A different password policy can be defined for each company within the system. <br/><br/>
 
If there are password policies defined for a company then it will automatically apply to all sub-companies in the [[Creating_an_Organization_Chart_and_Company_Hierarchy|hierarchy]], unless those sub-companies have defined their own password policy. <br/><br/>
 
If there are no password policies defined for a company, then the system will look at the companies above it in the hierarchy, and if one of these parent companies have a password policy set then it will use these settings. <br/><br/>
 
If there are no password policies defined for a company, or any of the companies above it in the hierarchy, then the password policy set in [[Global_Settings|Global Settings]] will apply.<br/><br/>
 
''NOTE:'' There are no settings stored in the database for a company until someone actually opens the Password Policy page for that company and clicks Save.
===New Password Settings===
* '''Password History Check''' - You can set the number of previous passwords (to a maximum of 32) that the system will remember for each user. When changing their password, users will not be permitted to re-use a previous password until the specified number of unique passwords have been used.
 
===Password Activation Settings===
===Intruder Lockout Settings===
[[image:password-006.png]]
* ''When an account has been locked for exceeding the allotted number of attempts, after the lockout time has passed they are permitted only one attempt at the correct password. A single incorrect password at this point will re-lock the account for the configured lockout duration. In other words, once someone is on the "locked user" list they are only permitted a single wrong attempt and they will be locked for the lockout duration again. This prevents would-be intruders from having multiple attempts to guess the password each time the lockout duration has passed. ''
===Password Reset Message===
[[image:password-005.png]]
This feature provides the ability to overwrite the standard Password Reset message with a custom message for your organization.
 ===Intruder Email Alert===
These settings define who should be informed by email if an intruder alert is detected. A default emial template is used and contains the following values:
'''Intruder Alert Email Variables''' – because the [[User|user]] is not logged into the system, the amount of information available is limited to IP Address '''@ip@''', the attempted username '''@username@''' and date/time '''@now@''' of the attempted login.
 ===Intruder Log===
The '''View Log''' tab is used to access the '''Intruder Alert''' log.
* The list can be sorted by clicking the column title.
* You can filter the list by [[Username|username]], year, and month.
 
 
===Hierarchical Password Policy===
 
When viewing a company in your hierarchy, select '''Settings > Password Policy''' to define. <br/><br/>
 
A different password policy can be defined for each company within the system. <br/><br/>
 
If there are password policies defined for a company then it will automatically apply to all sub-companies in the [[Creating_an_Organization_Chart_and_Company_Hierarchy|hierarchy]], unless those sub-companies have defined their own password policy. <br/><br/>
 
If there are no password policies defined for a company, then the system will look at the companies above it in the hierarchy, and if one of these parent companies have a password policy set then it will use these settings. <br/><br/>
 
If there are no password policies defined for a company, or any of the companies above it in the hierarchy, then the password policy set in [[Global_Settings|Global Settings]] will apply.<br/><br/>
 
''NOTE:'' There are no settings stored in the database for a company until someone actually opens the Password Policy page for that company and clicks Save.
Smartstaff, administrator
4,478
edits