Tenant security settings
The tenant security settings control various aspects of allowed passwords, allowed login attempts and lock out time period, and so on.
To access a tenant's security settings, you need to login as a tenant administrator user and launch the Planning Space client application. Click Security in the Navigation menu, and Settings in the Security top menu.
Click the Save button (at the bottom of the screen) to save the changes that you make. Click the Discard changes button to undo any unsaved changes.
The available settings are detailed in the following tables.
Login and password settings
Note: the Password settings only apply to 'Local' user accounts, since these accounts have passwords that are stored and authenticated by the IPS Server.
| Setting name | Description | Default value | Allowed values or range |
|---|---|---|---|
| Number of invalid login attempts before account is locked | The number of failed login attempts that will cause a user account to be locked out. Value 0 means the account will never be locked out. | 3 | 0 to 999 |
| Number of minutes account will be locked for | The lockout period in minutes for the account, after which it will automatically become unlocked. An administrator can manually unlock an account at any time. Value 0 means the account will be locked out until an administrator manually unlocks it. | 60 | 0 to 99999 |
| Number of minutes before login attempts will be reset | Time period in minutes that must elapse until the login attempt counter is reset to zero, after a failed login attempt. The reset period must be less than or equal to the account lockout period. | 60 | 0 to 99999 |
| Default account expiry date | The default value for an account expiry date. | None (account does not expire) | Date in format DD/MM/YYYY |
| Number of passwords to be retained in history | The number of passwords that will be stored and checked when a password is changed. A new password cannot be the same as a stored password. Value 0 means that no passwords are stored; therefore a user may keep the same password. A non-zero value is recommended. | 5 | 0 to 24 |
| Number of days before password expiry | The number of days until a user must change their password. Value 0 means passwords do not expire. The recommended value is between 30 and 90 days. | 60 | 0 to 999 |
| Number of days a password can be changed after | The number of days after a password change, during which a password cannot be changed by the user. Value 0 means the password can be changed immediately. The value must be less than the 'days before password expiry' value (if it is not 0). This setting can prevent users from rapidly-changing passwords in order to escape the password history restrictions and reuse old passwords. Note: an Administrator can set a user account to require the user to change password at the next login. | 0 | 0 to 998 |
| Minimum number of characters a password must contain | The minimum number of characters required when a password is set or changed. | 6 | 6 to 14 |
| Password must meet complexity requirements | Policy setting which determines whether new passwords are required to meet complexity requirements. The requirements are: (1) password must not contain the user's login ID, or parts of the user's name which are longer than two consecutive characters; (2) password must contain characters from at least three out of four of the following categories: English uppercase characters (A to Z), English lowercase characters (a to z), Digits (0 to 9), non-alphabetic characters (for example: !, $, #, %). | Disabled | Enabled or Disabled |
Workgroup settings
| Setting name | Description | Default value | Allowed values or range |
|---|---|---|---|
| Economics/Financials/CASH: Workgroups to assign to new hierarchies |
For the applications Economics, Financials, and CX CASH: this policy determines which workgroups will be added with full permissions when a new Calculation Hierarchy is created. Click the Manage workgroups button and use the check boxes to add/remove workgroups. For version 16.5 Update 15 and later: There are two independent settings for 'Economics/CASH' and 'Financials'. (This makes it easier to maintain a separation between the heirarchies that are visible to Economics-only or Financials-only users.) |
None | Workgroups defined in the tenant |
| Dataflow: Workgroups to assign to new tags | Only for Dataflow: this policy determines which workgroups will be added with full permissions when a new tag is created. Click the Manage workgroups button and use the check boxes to add/remove workgroups. | None | Workgroups defined in the tenant |