Overview
Sign in settings for the Equus Platform can be configured on the User Password Rules screen. This is located under the Configuration tab under Security Maintenance. On this screen you can specify:
Password Rules and associated specifics
Lock Configuration for the system
Session Management Settings
Device Authorization Settings
Login/Password Rules
Here you can set overall rules for passwords:
Number of Days Password is Valid - the number of days until a user is required to reset their password.
Number of Passwords to Differ from - the number of previous passwords that a users' new password should be unique from.
Disallow Multiple Password Changes Within 24 Hours - this setting when active restricts users from making multiple password changes within a 24 hour period.
Password Characters
Here you can specify the requirements of a users password:
Minimum Length - the minimum password length for users.
Number of Required Alpha Characters - the number of alpha characters (eg. abc) that a password must contain.
Number of Required Numeric Characters - the number of numeric characters (eg. 123) that a password must contain.
Number of Required Special Characters - the number of special characters (eg. !"£) that a password must contain.
Locking
Equus Platform can be configured to lock a user account in certain situations using the following fields:
Days Inactive Before Automatic Lock - the number days before a user account is automatically locked due to inactivity.
Number of Failed Attempts Before Automatic Lock - the number of failed log in attempts before a user account it automatically locked.
Hours Locked by Failed Attempts - the number of hours a user account remains locked, after breaching the 'Number of Failed Attempts..' value (see above).
The following screen will be seen when a user account has become locked out:
Session Management
Prevent Multiple Sessions - When this checkbox is ticked it prevents the multiple users to be logged in at the same time with the same User ID. When enabled, the first user will be automatically logged out when the second user logs in with the same User ID.
Device Authorization
Remember This Device Duration in Days - how long the system will remember a user's device. This must be a value between 0 and 365. If set to 0, users will have to verify their device every time they sign in.
Authorization Code Timeout In Minutes - the duration that authorization codes are valid for. This will be displayed on the authorization screen presented to users.
Device Verification Method - the setting that turns on or off app-based Multi Factor Authentication. There are 3 options:
Email (Legacy) - Equus Platform will send Device Authorization codes via email.
Authentication App (Opt-In) - when selected, the first time users log into the system they first receive a Device Authorization code by email. Once this device is authorized, they will have the option to set-up multi factor authentication. If they wish to remain using use Device Authorization via email, they can chose to decline by clicking cancel.
Authentication App (Mandatory) - similar to the above, however users will not be able to decline setting up a Multi Factor Authentication app.
Things to Note
You should not select the Authentication App (Mandatory) option for the Device Verification Method if some users do not have a means of setting up an authentication app.
If a client chooses to switch back to the Email (Legacy) option for the Device Verification Method after using one of the others, it will clear the Multi-Factor Authentication keys for all users who are already set up. All users will have then be reverted to Device Authorization codes via email. If at a later time, you then chooses to re-enable an Authentication App option, users will have to go through the set-up process again on their device.