Changes


Security Settings

2,087 bytes added, 14:21, 8 March 2022
m
no edit summary
Prevent concurrent edit access to staff & contacts by toggling this on. User records which are presently being accessed in Edit Mode by a given user will be locked to other users attempting to edit the record.
==[[Email & Email Broadcast Security|Email Security Settings]]Enable Cookie Usage Acceptance==The [[Email & Email Broadcast Security|Email & Email Broadcast Security]] settings are used to control which recipients Toggling this on will require users are allowed to send email and email broadcasts to be based on their role. [[Email & Email Broadcast Security|Click here]] for detailed informationaccept the use of cookies from the login page.
==Anonymize Record Lock Owner for Organization and User Records==Select roles for those users who will not see the details of who has locked the particular User or Organization record they are accessing. ==[[Session Timeout]]==The [[Session Timeout]] controls how long a user can be inactive in their browser before they are automatically logged out by the system. Enter your duration in minutes. See [[Session Timeout]] for more information.   =Data Categories=Management Policies Settings=Configure You can access the '''Data Management Policies''' from the same page as the '''Business Security '''options. 1. Click on the 9-square menu icon on the top right of your page. 2. Under the heading '''Configuration, '''select '''Global Settings'''.. 3. Click into the '''Security '''tab. 4. Scroll down until you see the '''Data Category settingsManagement Policies '''heading. 
==Data Policies==
Configure Data Policy settingshere. Policy types include both Retention as well as Security policies. Policies can be set to require acceptance at a regular interval.
==Anonymize Record Lock OwnerPolicy Field Sets==Select roles for those users who will not see the details of who has the record locked ==[[Session Timeout]]==The [[Session Timeout]] controls how long a user can be inactive in their browser before they Configure Data Policy Field Sets here. These are automatically logged out by linked to Data Policies to ensure that policies contain the system. See [[Session Timeout]] for more correct information.
4. Scroll down until you see the '''System Security '''heading. 
:: [[File:Sys security settingsSecurity Settings - System Security.png|thumb|none|870px|System Security Settings from Global Settings]]
==[[Enhanced Security Mode|Enable Enhanced Security Mode]]==
Preset and disable configurations on system security related options. This will also disable legacy applications.
==[[Enable Logout]]==
The system can be configured to [[Enable Logout|automatically logout]] the user and store the session end time in the user log whenever the '''Logout''' button is clicked, the user navigates to a different website , or when the browser is closed.<br />
A confirmation message can also be enabled to confirm that the user will be logged out.
 
==Disable ID Encryption for User/Organization Lookup Standard Fields==
This setting will disable identity encryption for both User and Organization Lookup Standard fields.
==Disable External Login Shortcut==
This setting will disable the use of the [[Bypassing_the_Login_Page|external login shortcut]] (exlogin) from the URL.
==Disable Template Page Security==Bypass security validation when editing existing records on UTA template page without authenticated session. ==Disable Calendar Activity Preview Template Security==Allow HTML code on Calendar Activity Preview Template. ==Disable Arcadia Portal Custom Script Restriction==Allow configuration of custom scripts on Arcadia portal settings. This is not recommended. ==Disable Option to Serve Uploaded Files==If toggled on, links to uploaded files will download instead of opening in browser ==Disable Session Timeout AlertLogin Prompt==If [[Session Timeout]] is set, this setting will disable the 30-second alert and login prompt pop-ups. Toggling on will disable the session expired login prompt to allow user to continue on the page they were on and redirect to the main login page.
==Disable Secure Session Management==
This Global System Security Setting will disable the validation for matching session IP and browser agent , which is one part of the security features in the platform that protect against Cross Site Framing Forgery attacks. 
Options if users are being randomly logged out:
# Disable the Secure Session Management setting and accept the potential risk
==Disable Cross-Site Framing RestrictionLogin Token Check==Allow user login without a session login token. This is not recommended due to security reasons. ==Suppress Local Administrator Alert==Disable crossToggling on will suppress e-site framing restrictionmail notification when new Local Administrators are created. If toggled off, and emails will be sent to all administrators when new Administrators are created. ==Global Allowed File Types==File types listed here will be allowed to be uploaded in upload fields. Leave this section empty if you'd like to allow SmartSimple pages all file types system-wide. Specify a comma separated list of extensions for file types you'd like to allow. Additional restrictions can be directly embedded within external sites outside the current server domainadded on individual upload fields.
==Disable HTTP Cache ControlGlobal CAPTCHA Validation==Disable HTTP cache '''Enabled''' and '''Disabled''' will control no-cache restrictionwhether or not CAPTCHA will appear in all areas of the system. If '''Inherit''' is selected, you can choose at the signup and template page level when you want the CAPTCHA to appear. If '''Enabled''' is selected, CAPTCHA will automatically appear on login and activation pages. The default CAPTCHA service is Google's reCAPTCHA.
==Disable Concurrent Login CheckCountries Using Alternate CAPTCHA Service==Allows same user Countries added here will use alternate CAPTCHA services. This is only if Global Captcha Validation is set to be logged in from multiple sessions'''Enabled''' or '''Inherit'''. Primarily used for load testing purposes, and strongly recommended that this The default CAPTCHA service is not set when going liveGoogle's reCAPTCHA.
==[[Suppress E-mail Alert|Suppress Local Administrator Alert]]==
The e-mail notification sent to all current administrators when a new Local Administrator is created can be suppressed.
[[Category:Global Settings]][[Category:Security]][[Category:System Auditing]]
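Review bot: The added "Disable Template Page Security" and "Disable Calendar Activity Preview Template Security" entries describe bypassing security validation without an authenticated session and allowing HTML code, but neither carries the "This is not recommended" wording used for "Disable Arcadia Portal Custom Script Restriction" and "Disable Login Token Check". Suggest giving all four the same caution and stating what each control protects when left off. The sentence "Toggling on will disable the session expired login prompt to allow user to continue on the page they were on and redirect to the main login page" is also ambiguous about whether the user continues on the page or is redirected, and should be split into two sentences.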
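Review bot: In the added "Global Allowed File Types" section, the instruction to leave the list empty to allow all file types system-wide is given without saying which state is recommended. Suggest recommending an explicit comma separated list of extensions, and stating whether "Additional restrictions can be added on individual upload fields" means a field can only narrow the global list or can also permit types the global list omits. It would also help to give the expected format of an entry (with or without the leading dot, case sensitivity).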
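Review bot: The "Global CAPTCHA Validation" text contradicts itself on scope: the first sentence says Enabled and Disabled control whether CAPTCHA appears "in all areas of the system", while a later sentence says that with Enabled it "will automatically appear on login and activation pages". Suggest stating once which pages each of the three values covers. In "Countries Using Alternate CAPTCHA Service", the alternate service is not named and the text does not say how a user's country is determined. "This is only if Global Captcha Validation is set to" is missing a word such as "applied" and spells Captcha differently from the heading.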
Smartstaff, administrator
686
edits
