System Settings / Security Settings

Security Settings

ELMA365 allows you to enhance your data protection with configurable security settings. To use this feature, go to Administration>Security Settings.

Here you can specify the minimum password length, its quality and frequency of change, restrict the number of invalid login attempts, configure conditions for user account lockout, and enable two-factor authentication.

начало внимание

Only users included in the Administrators group can change the security settings.

конец внимание

Password Policy

In this section, you can adjust user passwords strength and configure user account lockout after several invalid login attempts.

The system will use these settings for user authentication and password recovery.

security-settings-1

The available password policy options are:

  • Minimum password length. Specify the minimum number of characters in a password. If the password length is not enough, the system will notify the user about it when he or she tries to sign in.
  • Use complex password. If this option is enabled, the system will require a password to contain upper- and lowercase letters, numbers, and special characters, for example, +! #, etc. If the password does not meet the requirements, when trying to log in, the user will see a notification about this.
  • Number of invalid login attempts. Enter the number of times the user can attempt to log in to his or her account with an invalid password before the account is locked. To disable the option, set its value to 0.
  • Reset account lockout counter after. Enter the number of minutes that must elapse after a failed login attempt to reset the counter to 0. If the limit is not exceeded, the counter starts from the beginning. The user will not be locked.

For example, you limited the number of invalid login attempts to three and the account lockout time to one minute. The user who has entered the wrong password twice can wait for one minute and get three login attempts again.

If the time limit is set to 0, the counter won’t be reset and the system will lock the user account after the limit of invalid login attempts is reached.

  • Account lockout duration in minutes. Enter the number of minutes the user is unable to log in to the system after he or she has exceeded the limit of login attempts. In the system, the user status changes to Locked. Once the lockout period expires, the user can try to log in again. If the lockout duration is set to 0, the only person who can unlock the user is the Administrator. To unlock a user, go to Administration>Users, open the user profile, and click Unlock.
  • User groups that must be informed about account lockout. Here you can specify the user groups that will be notified in the activity stream about account lockout.
  • How often the password is reset, in days. Specify how often users must change the passwords to log in. To disable the option, set its value to 0.
  • Email resend interval, in days. Specify the period for sending emails to remind the user to change the password. If the interval is set to 0, the email will be sent only once. After changing the password, the sending of emails stops automatically.
  • Escalation. This option allows locking a user until the password is changed.

Two-factor authentication

You can require users to verify their identities before the authentication. You can add an extra layer of security to ensure that a user account is used by your employee and not someone else.

security-settings-2

To set up two-factor authentication:

  1. Select a Second authentication factor.
  • SMS. Users will be required to enter the login, password, and individual code from SMS. The code will be sent to the number specified in the user profile settings in the Mobile field.
    • SMS provider. Select the SMS service provider the system will use to send the individual code to the user. In ELMA365, integrations with SMSCenter and SMSRU providers are currently available.

начало внимание

If the provider is not listed, make sure that the integration module is enabled and configured for it.

конец внимание

  • Email. Users will be required to enter the login, password, and individual code sent to their emails. The email will be sent to the address specified during registration of the user in the system.

Please note that in ELMA365 On-premises, the authentication code is sent through the smtp server specified during system installation.

  1. Click the Save button. You will receive a verification code for the connection to the service. Depending on the selected authentication factor, the code will be sent via email or SMS.
  2. In the opened window, enter the received code and click the Confirm button.

security-settings-3

Please note that if you close the verification window or enter an incorrect code, the two-factor authentication settings will not be saved.

Found a typo? Highlight the text, press ctrl + enter and notify us