The Security page allows the Administrator to manage many aspects of your site including Password requirements, Username requirements, Multi-Factor requirements, Login Attempts, IP Address settings, and Session Timeout settings.
- Log into the Admin Console.
- Select the Security tab at the top of the screen.
- This section allows Admins to increase the complexity of Usernames.
- They can adjust the minimum character length requirement.
- They can also require Usernames to be alphanumeric.
- This section allows Admins to increase the complexity of passwords with a combination of options.
- Require passwords to have a mix of upper and lowercase letters.
- Require passwords to be alphanumeric.
- Require passwords to include special characters.
- Prevent passwords from including the Username or the User's full name.
- Prevent passwords from beginning or ending with numbers.
- This section allows Admins to further customize password requirements.
- Adjust the minimum password length.
- Set when you'd like password to expire, thus requiring Users to create new passwords.
- Prevent Users from creating a password that they have used in the past.
- Allow specific Users to bypass the expiration limit. (This is useful for Users that are accessed by automated services.)
- Prevent passwords from being changed until a certain amount of time has passed. (This setting will affect super Admins. A Super Admin will be able to override this setting and reset or change anyone's password including their own.)
- Set the number of invalid password attempts before an account is locked.
- Enable the Forgot Password recovery option on the User Portal.
- This section allows Admins to enable Multi-Factor Authentication on your site.
- When enabled, you will sign into your account with your Username and password. Then, as a second factor, the system will generate a one-time code that you enter on the next screen. This code will be delivered to you via Email, SMS, or Phone. Once this code has been entered, you will gain access to your account.
- To learn more about this section, we have an entire list of in-depth support articles located here.
- This section allows Admins to restrict the number of User Login Attempts (successfully or not) per day.
IP Address Restrictions
- This section allows Admins to restrict access to the site based on the IP address.
- Only those Login Attempts originating from IPs which are in the "Allow Entry" IP Address list will be permitted to access the site.
- Attempts from any other IPs will be denied access.
- This only applies to the User Portal, API/Mobile, and the Sync App. It does not apply to FTPS, WebDAV and SFTP connections.
- This section allows Admins to adjust the inactive session timeout settings.
- This applies to both the User Portal and Administration Console.
- Adjust the setting from as low as 5 minutes to as high as 24 hours.
- For a video tutorial on this feature, click here.
Still Have Questions?
If you need help or have additional questions, please contact us.