Differenze tra le versioni di "Application Settings"
(→Login locking features) (Etichetta: visualeditor) |
|||
(15 versioni intermedie di 2 utenti non mostrate) | |||
Riga 1: | Riga 1: | ||
− | These are some basic settings for the whole itmSUITE® environment which can be made by the ''[[Glossary|superadmin]]'' only. These settings are available from '''''General/System/Application Settings''''' and they include: password policies management and mail server | + | These are some basic settings for the whole itmSUITE® environment which can be made by the ''[[Glossary|superadmin]]'' only. These settings are available from '''''General/System/Application Settings''''' and they include: password policies management and mail server (this mail server is only used to send password or username recovery message, it is not used at ''[[Glossary|company]]'' level). |
== Password policies manangement == | == Password policies manangement == | ||
Riga 15: | Riga 15: | ||
|<u>Password Expiration Warn Days</u> || The number of days the user is warned before the password expires. | |<u>Password Expiration Warn Days</u> || The number of days the user is warned before the password expires. | ||
|| Mandatory | || Mandatory | ||
− | || | + | || The value "0" is entered by default, meaning the warning message will be never sent. |
|- | |- | ||
Riga 29: | Riga 29: | ||
|- | |- | ||
|<u>Min Password Length</u> || The minimum number of characters of the password. | |<u>Min Password Length</u> || The minimum number of characters of the password. | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Password Format</u> is enabled. | || This field is visible only if <u>Password Format</u> is enabled. | ||
|- | |- | ||
|<u>Min Uppercas Characters</u> || The minimum number of uppercase characters which the password should contain. | |<u>Min Uppercas Characters</u> || The minimum number of uppercase characters which the password should contain. | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Password Format</u> is enabled. | || This field is visible only if <u>Password Format</u> is enabled. | ||
|- | |- | ||
|<u>Min Numeric Characters</u> || The minimum number of numeric characters (0....9) which the password should contain. | |<u>Min Numeric Characters</u> || The minimum number of numeric characters (0....9) which the password should contain. | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Password Format</u> is enabled. | || This field is visible only if <u>Password Format</u> is enabled. | ||
|- | |- | ||
|<u>Min Symbolic Characters</u> || The minimum number of symbols ($, &, %, etc.) which the password should contain. | |<u>Min Symbolic Characters</u> || The minimum number of symbols ($, &, %, etc.) which the password should contain. | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Password Format</u> is enabled. | || This field is visible only if <u>Password Format</u> is enabled. | ||
Riga 55: | Riga 55: | ||
=== Autorecovery === | === Autorecovery === | ||
− | Autorecovery feature allows the''[[Glossary|user]]''to recover his/her username and password. If <u>Account Recovery</u> is set, itmSUITE® will supply the needed links to recover username and/or password if lost. This is done by sending to the ''[[Glossary|user]]'' a mail to his/her mail address with the instructions to recover the information. Therefore, mail server configuration shall be completed to make it working. | + | Autorecovery feature allows the ''[[Glossary|user]]'' to recover his/her username and password. If <u>Account Recovery</u> is set, itmSUITE® will supply the needed links to recover username and/or password if lost. This is done by sending to the ''[[Glossary|user]]'' a mail to his/her mail address with the instructions to recover the information. Therefore, mail server configuration shall be completed to make it working. '''<u>This feature is not available if [[LDAP]] integration is configured</u>'''. |
=== Login locking features === | === Login locking features === | ||
Riga 70: | Riga 70: | ||
|- | |- | ||
|<u>Max Login Attempts</u> || Maximum login attempts allowed before locking a ''[[Glossary|user]]''. | |<u>Max Login Attempts</u> || Maximum login attempts allowed before locking a ''[[Glossary|user]]''. | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Enable Login Lock</u> is enabled. | || This field is visible only if <u>Enable Login Lock</u> is enabled. | ||
Riga 80: | Riga 80: | ||
"Manual Reactivation" policy means that the ''[[Glossary|user]]'' shall be reactivated manually after is account is locked. | "Manual Reactivation" policy means that the ''[[Glossary|user]]'' shall be reactivated manually after is account is locked. | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Enable Login Lock</u> is enabled. | || This field is visible only if <u>Enable Login Lock</u> is enabled. | ||
|- | |- | ||
|<u>Freeze Time</u> || The number of minutes the ''[[Glossary|user]]'' shall wait before the system allows him/her to attempt another login. This time is operational if the <u>Lock Management Policy</u> is set to "Lock Period". | |<u>Freeze Time</u> || The number of minutes the ''[[Glossary|user]]'' shall wait before the system allows him/her to attempt another login. This time is operational if the <u>Lock Management Policy</u> is set to "Lock Period". | ||
− | || Mandatory | + | || Dependent, Mandatory |
|| This field is visible only if <u>Enable Login Lock</u> is enabled. | || This field is visible only if <u>Enable Login Lock</u> is enabled. | ||
|- | |- | ||
|<u>Max Login Sessions</u> || Max number of consecutive locks which are admitted. A lock occurs if the ''[[Glossary|user]]'' fails to provide the correct credentials for a maximum number of times (set with <u>Max Login Attempts</u>). After the ''[[Glossary|user]]'' has exceeded the maximum number of locks, it shall be reactivated manually by the ''[[Glossary|superadmin]]''. | |<u>Max Login Sessions</u> || Max number of consecutive locks which are admitted. A lock occurs if the ''[[Glossary|user]]'' fails to provide the correct credentials for a maximum number of times (set with <u>Max Login Attempts</u>). After the ''[[Glossary|user]]'' has exceeded the maximum number of locks, it shall be reactivated manually by the ''[[Glossary|superadmin]]''. | ||
+ | || Dependent, Mandatory | ||
+ | || This field is visible only if <u>Enable Login Lock</u> is enabled. | ||
+ | |||
+ | |} | ||
+ | If a locking policy is set, the [[Glossary|users]] can be locked if they fail to give their correct credentials as defined in the policy rules. If so, they can be unlocked by an ''[[Glossary|admin]]'' or ''[[Glossary|superadmin]]''. ''[[Glossary|Admin]]'' may unlock ''[[Glossary|users]]'' associated with his/her administered ''[[Glossary|companies]]''. ''[[Glossary|Superadmin]]'' may unlock ''[[Glossary|admins]]''. | ||
+ | |||
+ | Logging sessions and locking events are monitored by itmSUITE®. Please, refer to [[Users and Resources]] page for more information. | ||
+ | |||
+ | == Mail options == | ||
+ | The settings of the <u>''Mail Options''</u> tab allow to define the parameters for the mail sending server. The following configurations are available: | ||
+ | |||
+ | {| class="wikitable" | ||
+ | ! Field !! Description !! Characteristics !! Comments | ||
+ | |||
+ | |- | ||
+ | |<u>Host</u> || TBC | ||
|| Mandatory | || Mandatory | ||
− | || | + | || |
+ | |||
+ | |- | ||
+ | |<u>Port</u> || TBC | ||
+ | || Mandatory | ||
+ | || | ||
+ | |||
+ | |- | ||
+ | |<u>User</u> || TBC | ||
+ | || Discretionary | ||
+ | || | ||
+ | |||
+ | |- | ||
+ | |<u>Password</u> || TBC | ||
+ | || Discretionary | ||
+ | || | ||
+ | |- | ||
+ | |||
+ | |<u>Mail from</u> || TBC | ||
+ | || Mandatory | ||
+ | || | ||
+ | |||
+ | |- | ||
+ | |<u>Advanced Properties</u> || TBC | ||
+ | || Discretionary | ||
+ | || | ||
|} | |} |
Versione attuale delle 12:43, 12 mag 2015
These are some basic settings for the whole itmSUITE® environment which can be made by the superadmin only. These settings are available from General/System/Application Settings and they include: password policies management and mail server (this mail server is only used to send password or username recovery message, it is not used at company level).
Indice
Password policies manangement
The Password Options tab of General/System/Application Settings enables to activate management policies for the whole itmSUITE® environment (they will be applied to all the defined companies in the environment). When the Enable Policy field is checked, the following fields become editable:
Field | Description | Characteristics | Comments |
---|---|---|---|
Password Expiration Days | The number of days the password will remain valid. | Mandatory | The value "0" is entered by default, meaning the password never expires. The expiration days are newly counted after any password reset. |
Password Expiration Warn Days | The number of days the user is warned before the password expires. | Mandatory | The value "0" is entered by default, meaning the warning message will be never sent. |
Change at First Login | When set, this forces the user to change his/her password at first login. | Mandatory | |
Password Format | When set, this fnable to define the rules to validate a passwordorces the user to change his/her password at first login. | Mandatory | This field is visible only if the Password Options tab is first saved. |
Min Password Length | The minimum number of characters of the password. | Dependent, Mandatory | This field is visible only if Password Format is enabled. |
Min Uppercas Characters | The minimum number of uppercase characters which the password should contain. | Dependent, Mandatory | This field is visible only if Password Format is enabled. |
Min Numeric Characters | The minimum number of numeric characters (0....9) which the password should contain. | Dependent, Mandatory | This field is visible only if Password Format is enabled. |
Min Symbolic Characters | The minimum number of symbols ($, &, %, etc.) which the password should contain. | Dependent, Mandatory | This field is visible only if Password Format is enabled. |
It is possible not to set any policy which means no controls on password is made nor passwords expire.
Login Options
The Login Options tab allows to setup autorecovery and login locking features.
Autorecovery
Autorecovery feature allows the user to recover his/her username and password. If Account Recovery is set, itmSUITE® will supply the needed links to recover username and/or password if lost. This is done by sending to the user a mail to his/her mail address with the instructions to recover the information. Therefore, mail server configuration shall be completed to make it working. This feature is not available if LDAP integration is configured.
Login locking features
This is a security feature of itmSUITE®, enabling to lock intrusions which try to crack passwords. The feature will lock the user account according to predefined access patterns. The following configurations are available:
Field | Description | Characteristics | Comments |
---|---|---|---|
Enable Login lock | If set, it enables locking policies according to the configured rules. | Mandatory | |
Max Login Attempts | Maximum login attempts allowed before locking a user. | Dependent, Mandatory | This field is visible only if Enable Login Lock is enabled. |
Lock Management Policy | It sets the policy used when login is locked. The following policies are available:
"Lock Period" policy uses Freeze Time and Max Login Sessions parameters. It is the time during which a user can't login if he/she failed to provide the correct credentials for a maximum number of times (set with Max Login Attempts). "Manual Reactivation" policy means that the user shall be reactivated manually after is account is locked. |
Dependent, Mandatory | This field is visible only if Enable Login Lock is enabled. |
Freeze Time | The number of minutes the user shall wait before the system allows him/her to attempt another login. This time is operational if the Lock Management Policy is set to "Lock Period". | Dependent, Mandatory | This field is visible only if Enable Login Lock is enabled. |
Max Login Sessions | Max number of consecutive locks which are admitted. A lock occurs if the user fails to provide the correct credentials for a maximum number of times (set with Max Login Attempts). After the user has exceeded the maximum number of locks, it shall be reactivated manually by the superadmin. | Dependent, Mandatory | This field is visible only if Enable Login Lock is enabled. |
If a locking policy is set, the users can be locked if they fail to give their correct credentials as defined in the policy rules. If so, they can be unlocked by an admin or superadmin. Admin may unlock users associated with his/her administered companies. Superadmin may unlock admins.
Logging sessions and locking events are monitored by itmSUITE®. Please, refer to Users and Resources page for more information.
Mail options
The settings of the Mail Options tab allow to define the parameters for the mail sending server. The following configurations are available:
Field | Description | Characteristics | Comments |
---|---|---|---|
Host | TBC | Mandatory | |
Port | TBC | Mandatory | |
User | TBC | Discretionary | |
Password | TBC | Discretionary | |
Mail from | TBC | Mandatory | |
Advanced Properties | TBC | Discretionary |