Security settings
The tenant Security Settings control various aspects of allowed passwords, allowed login attempts and lock out time period, and so on.
To access the settings, click Security in the Navigation menu, and Settings in the Security top menu.
Note: You can only access this screen if you are logged in as an Administrator user, or if you are using a user account which is granted the role 'Security/Security'.
Click the Save button to save the changes that you have made. Click the Discard changes button to undo any unsaved changes.
The available settings are detailed in the following table. The Password settings do not apply to Windows-authenticated user accounts, since these accounts do not have passwords defined within the tenant.
Setting name |
Description |
Default value |
Allowed values or range |
Number of invalid login attempts before account is locked: | The number of failed login attempts that will cause a user account to be locked out. Value 0 means the account will never be locked out. | 3 | 0 to 999 |
Number of minutes account will be locked for | The lockout period in minutes for the account, after which it will automatically become unlocked. An administrator can manually unlock an account at any time. Value 0 means the account will be locked out until an administrator manually unlocks it. | 60 | 0 to 99999 |
Number of minutes before login attempts will be reset | Time period in minutes that must elapse until the login attempt counter is reset to zero, after a failed login attempt. The reset period must be less than or equal to the account lockout period. | 60 | 0 to 99999 |
Default account expiry date | The default value for an account expiry date. | None (account does not expire) | Date in format DD/MM/YYYY |
Number of passwords to be retained in history | The number of passwords that will be stored and checked when a password is changed. A new password cannot be the same as a stored password. Value 0 means that no passwords are stored; therefore a user may keep the same password. A non-zero value is recommended. | 5 | 0 to 24 |
Number of days before password expiry | The number of days until a user must change their password. Value 0 means passwords do not expire. The recommended value is between 30 and 90 days. | 60 | 0 to 999 |
Number of days a password can be changed after | The number of days after a password change, during which a password cannot be changed by the user. Value 0 means the password can be changed immediately. The value must be less than the 'days before password expiry' value (if it is not 0). This setting can prevent users from rapidly-changing passwords in order to escape the password history restriction. Note: an administrator can set a user account to require the user to change password at the next login. | 0 | 0 to 998 |
Minimum number of characters a password must contain | The minimum number of characters required when a password is set or changed. | 6 | 6 to 14 |
Password must meet complexity requirements | Policy setting which determines whether new passwords are required to meet complexity requirements. The requirements are: (1) password must not contain the user's login ID, or parts of the user's name which are longer than two consecutive characters; (2) password must contain characters from at least three out of four of the following categories: English uppercase characters (A to Z), English lowercase characters (a to z), Digits (0 to 9), non-alphabetic characters (for example: !, $, #, %). | Disabled | Enabled or Disabled |
Workgroups to assign to new hierarchies | For the applications Economics, Financials, and CX CASH: this policy determines which workgroups will be added with full permissions when a new Calculation Hierarchy is created. Click the Manage workgroups button and use the tick boxes to add/remove workgroups. | None | Workgroups defined in the tenant |