Super users can set security preferences for any site, and Admin users can set security preferences for child sites that they manage.
Security preferences include password requirements and policies for failed login attempts. An option also specifies whether Admin users in a site can change the site’s security preferences as described in Set security preferences for your site.
To set a site’s security preferences, you can do one of the following:
•Apply “factory” security preferences that are installed with Portal.
•If the site is a parent site, apply the default security preferences for the Portal instance.
Note: Super users specify the default security preferences. See Specify default security preferences.
•If the site is a child site, apply the parent site’s security preferences.
•Create custom security preferences.
To set security preferences for a site:
1. When signed in as a Super user or as an Admin user who can manage child sites, click Sites on the navigation bar.
2. Find the site for setting security preferences, and expand its view by clicking the site row.
3. Click the Security Preferences tab.
The tab shows the site’s current security preferences.
4. Do one of the following:
•To apply the security preferences that are installed with Portal, select Factory preferences.
•If the site is a parent site, to apply the default security preferences for the Portal instance, select Inherit preferences from Portal instance.
•If the site is a child site, to apply the parent site’s security preferences, select Inherit preferences from parent company.
Note: If you select factory, default, or parent site security preferences, values in the Password Validity, Password Strength, and User Session boxes cannot be edited.
•To create custom security preferences for the site, select Custom preferences. Change values in any of the following fields:
|
Password Validity | |
|
Maximum Consecutive Failed Logins |
Specifies the number of consecutive failed login attempts after which an account is locked. The value must be between 1 and 999. |
|
Lockout Time (minutes) |
Specifies the number of minutes an account is locked after a user reaches the maximum number of failed login attempts. The value must be between 1 and 1440 minutes. Note: Admin users and Super users can unlock locked accounts. See Unlock a user’s account. |
|
Password Expiry (in days) |
Specifies the number of days after which a user’s password expires and the user must change the password. If you do not want passwords to expire, enter 0 (zero). |
|
Password Reuse History |
Specifies the number of previous passwords that a user cannot repeat. The value must be between 1 and 24. |
|
Password Strength | |
|
Minimum Password Length |
Specifies the minimum number of characters in a password. The value must be between 6 and 30. |
|
Minimum Uppercase Characters |
Specifies the minimum number of uppercase letters in a password. The value must be between 0 and 30. |
|
Minimum Lowercase Characters |
Specifies the minimum number of lowercase letters in a password. The value must be between 0 and 30. |
|
Minimum Numeric Characters |
Specifies the minimum number of numeric characters in a password. The value must be between 0 and 30. |
|
Minimum Special Characters |
Specifies the minimum number of special characters in a password. The value must be between 0 and 30. |
|
Allowed Special Characters |
Specifies special characters that are allowed in a password. Commas, letters, and numbers cannot be allowed as special characters. |
|
User Session | |
|
Session Timeout (minutes) |
Specifies the amount of idle time in minutes before a session is timed out. The value must be between 1 and 1440 minutes. |
5. To allow Admin users in the site to change the site’s security preferences, select the Site admins can override security preferences option.
6. Click Save.