This article describes the User password options available. The form below shows where the password related options are chosen, navigate to Configuration > Manage Account Configuration.
Fig 1 - Passwords and User Security
Enable Security Groups
Allows Security Groups to be created for assigning to particular Users and/or data. Click here for more details on Security Groups
This option allows you to set whether complex passwords are enforced for Users of the account. By default, complex passwords are not required which results in there being no restrictions on the length or type of characters that Users are allowed to use for their password. When complex passwords is set, then a User must specify a password that meets the following criteria:
- Is at least 8 characters in length
- Contains a least 1 letter character
- Contain at least 1 letter character that is upper case
- Contain at least 1 numeric character
User Login Session Timeout (Minutes)
This option controls the amount of time a User is inactive before they are automatically logged out of the solution. This setting can prevent unauthorised access to the account by automatically logging out Users that leave sessions open.
Be aware that if a User is working on a form for a period and then clicks to save their work, if the session has timed out while they were working their data will be lost. It is recommended that a session time out setting is chosen that is reasonable to allow Users to work productively.
Enable forced User password Reset
You are able to use this setting to force Users to periodically chose a different password. Notice that there is an associated "Number of days before Users must change passwords" field which becomes available once this field is set to yes. This allows you to specify the period before a User is prompted to change their password.
Tip: The user is not allowed to reset their password to be the same as their previous password
Apply "Feature Visibility" to Admins?
Whilst Security Groups can dictate what features a User is able to see it is possible to remove entire sections from a security group’s view. For example, a Security Group may not need to see the Alerts section. However if the 'Apply "Feature Visibility" to Admins' is set to 'No' then Admin users will view all sections regardless of their Security Group setting.
Password Change After Reset
If this option is set to Yes then, after a user's password has been reset by an Administrator, on first login that User will be required to change their password.
Force User to use two-factor Authentication
Switches on the Two Factor Authentication feature for all Users. Click here for more details on Two Factor Authentication
Number of days before Users must change passwords
Set the number of days before a User must update their current password