User Settings Manager

Setting

Description

New User Creation

Allow creation of Self Registered Users

Select this option if you want to enable any user to create a new account for your portal. New users are given the Default Profile settings.

Numeric Authentication

Allow numeric Login for mobile devices

Select this option if you want to allow numeric login. Users who access the portal through mobile devices can probably log on more easily with a numeric user ID.

Auto-assign numeric Login IDs for new Users
 

Select this option if you want to automatically assign a numeric user name when a new user is created (through importation, manual creation, or self-registration).

Note: When you are manually creating a user, the Mobile Device Authentication page does not display a numeric ID; the numeric ID is not assigned until you save the user. To view the automatically generated numeric ID, click the new user's name to open the User Editor and click the Mobile Device Authentication page.

User account locking

Enable account locking

By default, user accounts created through the portal (not those managed through an authentication source) are automatically locked out after repeated failed login attempts.

If you want auto-locking, define the following:

• In the Minutes to track failed Logins box, type the number of minutes you want to track failed login attempts for each user. This period begins at a user's first failed login attempt. If a user reaches the maximum number of failed login attempts within this period, the user is locked out of the portal for the amount of time specified in Minutes to keep user account locked.

• In the Number of failed Login attempts allowed box, type the maximum number of times users can fail their login attempts within the tracking period before they are locked out of the portal.

• In the Minutes to keep user account locked box, type the number of minutes users should remain locked out of the portal before they can attempt to log in again.
  
  Note: You can manually remove user account locks through the User Lock Manager.

Password Management
The user interface displays the applicable password rules. Next to each rule is an icon showing whether the password has met the rule requirement. Password hints appear to the right of the password field to assist the user in typing in a valid password.

Notes:

• Password management applies only to user accounts created through the portal (not those managed through an authentication source).

• Password strength checking is done only when users create or change their passwords. If a rule is changed, the rule will not affect existing passwords.

Minimum Password Length

Type the minimum number of characters required for passwords. The default is 7.

Passwords Require a Number

Select this option if you want passwords to require at least one number. This option is disabled by default.

Passwords Require Upper and Lower Case

Select this option if you want passwords to require at least one upper case letter and one lower case letter. This option is disabled by default.

Passwords Require Punctuation

Select this option if you want passwords to require at least one punctuation character. This option is disabled by default.

Passwords Cannot Include the User ID

Select this option if you want to make sure that passwords do not include the user ID. This option is enabled by default.

Password Reuse History

Type the number of times a user must change passwords before an old password can be reused. If this option is set to 0 (the default setting) passwords can always be reused.

Note: This value must be set to a number between 0 and 12.

Password Expiration

Type the number of days before a password expires. If this option is set to 0 (the default setting) passwords never expire.

If a user's password expires, the user is redirected to the Change Password page until the user changes the password (the user is locked out of the rest of the portal).

Note: The passwords for intrinsic Administrator user, guest users, and default profile users do not expire.

Password Expiration Warning

Type the number of days before a password expires that you want to warn a user to change the password. If this option is set to 0 (the default setting) users receive no warning.

At the specified number of days before expiration, the user is redirected to the Change Password page.

Update Login Token Key

Update Login Token Key

Login tokens are used by many internal processes for authentication. For security purposes, you should occasionally update the key used to generate login tokens by clicking Update.

The frequency at which you need to do this depends on portal usage and your company's required level of security. For a portal that gets moderate usage, you should only need to update the key twice a year.

Notes:

• When you update the key, outstanding tokens become invalid, but the portal issues new keys when the process is refreshed. For this reason, you should try to update the token during low-usage times.

• In general, users should not notice when you update the key. However, users that have the portal remember their password need to reset this option the next time they login to the portal.