Views:
Edit security preferences for the SMS.

Procedure

  1. Select EditPreferencesSecurity.
  2. Specify the level of security required when creating a username and password.
    Level Description
    0 - None
    • Usernames cannot contain a space or a backslash.
    • Password length and complexity are not restricted.
    • Passwords cannot contain a space.
    1 - Low
    Passwords must meet Level 0 (None) restrictions and the following:
    • Usernames must be at least six characters.
    • Passwords must be at least eight characters.
    • New password must be different from the previous password.
    2 - Medium (default) Passwords must meet Level 1 (Low) restrictions and the following:
    • Must contain at least two alphabetic characters.
    • Must contain at least one numeric characters.
    • Must contain at least one non-alphanumeric character (examples include ! ? $ * #).
    3 - High Passwords must meet Level 2 (Medium) restrictions and the following:
    • Must contain at least 15 characters.
    • Must contain at least one uppercase character.
    • Must contain at least one lowercase character.
    • Must be different from the previous password in at least half of the corresponding character positions.
  3. Select password preferences from the following options:
    • Require password to be different from user ID
    • Lock user after failed login attempts, and enter a threshold to set the number of unsuccessful consecutive attempts.
    • Require new password to be different from previous passwords, and enter the number of previous passwords the SMS will check.
    • Show previous login details when a user logs in, and enter the number of days as the count period. The SMS displays information for:
      • Last successful login including date, timestamp, and IP address.
      • Number of successful logins in the last number of days.
      • Last failed login attempt including date, timestamp, and IP address.
      • Number of failed login attempts since the last successful login.
      • Any group or role changes to the user account since the last login.
    • Disable inactive user accounts, and enter the number of days the user account must be inactive before it is disabled on the SMS.
    • Require user to re-authenticate, and set a time.
    • Enforce a minimum password lifetime. Except for users with a superuser role, passwords cannot be changed until the minimum time has passed.
  4. Select Limit number of total and user sessions to determine whether the SMS limits the number of active sessions allowed on the SMS, or for a user, and enter a maximum number.
  5. Select SMS client preferences from the following options:
    • Allow storing the username and server used to login to this SMS
    • Timeout client session after inactivity, and enter the number of minutes a user can be inactive.
    • Lock client session after inactivity, and enter the number of minutes a user can be inactive.
    • Auto reconnect client to server after a disconnect occurs
      Note
      Note
      When the SMS is configured to use two-factor authentication, a user account might be locked out if there are network interruptions. Learn more: Configure authentication
  6. Click OK. If you update a user's security level, the SMS forces a password change at the next login if the security level restrictions set for the user requires it.