This article describes the user password options available. The form below shows where the password related options are chosen, navigate to Configuration > Manage Account Configuration.


Fig 1 - Passwords and User Security


Enable Security Groups

Allows Security Groups to be created for assigning to particular Users and/or data.  Click here for more details on Security Groups


Complex Passwords

This option allows you to set whether complex passwords are enforced for users of the account. By default, complex passwords are not required which results in there being no restrictions on the length or type of characters that users are allowed to use for their password. When complex passwords is set, then a user must specify a password that meets the following criteria:

Is at least 8 characters in length
Contains a least 1 letter character
Contain at least 1 letter character that is upper case
Contain at least 1 numeric character


User Login Session Timeout (Minutes)

This option controls the amount of time a user is inactive before they are automatically logged out of the solution. This setting can prevent unauthorised access to the account by automatically logging out users that leave sessions open.


Enable forced User password Reset

You are able to use this setting to force users to periodically chose a different password. Notice that there is an associated "Number of days before users must change passwords" field which becomes available once this field is set to yes. This allows you to specify the period before a user is prompted to change their password.


Tip: The user is not allowed to reset their password to be the same as their previous password


Apply "Feature Visibility" to admins?

                                         

Whilst security groups can dictate what features a user is able to see it is possible to remove entire sections from a security group’s view. For example, a security group may not need to see the Alerts section. However if the 'Apply "Feature Visibility" to admins' is set to 'No' then admin users will view all sections regardless of their Security Group setting.


Password Change After Reset

If this option is set to Yes then, after a user's password has been reset by an administrator, on first login that user will be required to change their password.

Be aware that if a user is working on a form for a period and then clicks to save their work, if the session has timed out while they were working their data will be lost. It is recommended that a session time out setting is chosen that is reasonable to allow users to work productively.


Force user to use two-factor Authentication

Switches on the Two Factor Authentication feature for all Users.  Click here for more details on Two Factor Authentication


Number of days before Users must change passwords

Set the number of days before a User must update their current password