These are some basic settings for the whole itmSUITE® environment which can be made by the superadmin only. These settings are available from General/System/Application Settings and they include: password policies management and mail server (this mail server is only used to send password or username recovery message, it is not used at company level).
Password policies manangement
The Password Options tab of General/System/Application Settings enables to activate management policies for the whole itmSUITE® environment (they will be applied to all the defined companies in the environment). When the Enable Policy field is checked, the following fields become editable:
|Password Expiration Days||The number of days the password will remain valid.||Mandatory||The value "0" is entered by default, meaning the password never expires. The expiration days are newly counted after any password reset.|
|Password Expiration Warn Days||The number of days the user is warned before the password expires.||Mandatory||The value "0" is entered by default, meaning the warning message will be never sent.|
|Change at First Login||When set, this forces the user to change his/her password at first login.||Mandatory|
|Password Format||When set, this fnable to define the rules to validate a passwordorces the user to change his/her password at first login.||Mandatory||This field is visible only if the Password Options tab is first saved.|
|Min Password Length||The minimum number of characters of the password.||Dependent, Mandatory||This field is visible only if Password Format is enabled.|
|Min Uppercas Characters||The minimum number of uppercase characters which the password should contain.||Dependent, Mandatory||This field is visible only if Password Format is enabled.|
|Min Numeric Characters||The minimum number of numeric characters (0....9) which the password should contain.||Dependent, Mandatory||This field is visible only if Password Format is enabled.|
|Min Symbolic Characters||The minimum number of symbols ($, &, %, etc.) which the password should contain.||Dependent, Mandatory||This field is visible only if Password Format is enabled.|
It is possible not to set any policy which means no controls on password is made nor passwords expire.
The Login Options tab allows to setup autorecovery and login locking features.
Autorecovery feature allows the user to recover his/her username and password. If Account Recovery is set, itmSUITE® will supply the needed links to recover username and/or password if lost. This is done by sending to the user a mail to his/her mail address with the instructions to recover the information. Therefore, mail server configuration shall be completed to make it working. This feature is not available if LDAP integration is configured.
Login locking features
This is a security feature of itmSUITE®, enabling to lock intrusions which try to crack passwords. The feature will lock the user account according to predefined access patterns. The following configurations are available:
|Enable Login lock||If set, it enables locking policies according to the configured rules.||Mandatory|
|Max Login Attempts||Maximum login attempts allowed before locking a user.||Dependent, Mandatory||This field is visible only if Enable Login Lock is enabled.|
|Lock Management Policy||It sets the policy used when login is locked. The following policies are available:
"Lock Period" policy uses Freeze Time and Max Login Sessions parameters. It is the time during which a user can't login if he/she failed to provide the correct credentials for a maximum number of times (set with Max Login Attempts).
"Manual Reactivation" policy means that the user shall be reactivated manually after is account is locked.
|Dependent, Mandatory||This field is visible only if Enable Login Lock is enabled.|
|Freeze Time||The number of minutes the user shall wait before the system allows him/her to attempt another login. This time is operational if the Lock Management Policy is set to "Lock Period".||Dependent, Mandatory||This field is visible only if Enable Login Lock is enabled.|
|Max Login Sessions||Max number of consecutive locks which are admitted. A lock occurs if the user fails to provide the correct credentials for a maximum number of times (set with Max Login Attempts). After the user has exceeded the maximum number of locks, it shall be reactivated manually by the superadmin.||Dependent, Mandatory||This field is visible only if Enable Login Lock is enabled.|
If a locking policy is set, the users can be locked if they fail to give their correct credentials as defined in the policy rules. If so, they can be unlocked by an admin or superadmin. Admin may unlock users associated with his/her administered companies. Superadmin may unlock admins.
Logging sessions and locking events are monitored by itmSUITE®. Please, refer to Users and Resources page for more information.
The settings of the Mail Options tab allow to define the parameters for the mail sending server. The following configurations are available: