The security page allows you to modify certain user security settings for your platform. To access Security settings, please follow the following steps:
- Go to the Admin section of your CMNTY Platform.
- On the top menu, go to Configure.
- On the left menu, go to Security.
The first set of security settings you can adjust is for Password Policy. Here you can modify requirements for your members when creating their password.
- PASSWORD EXPIRATION – Set the number of days when a user password expires and will be required to update it. (0=Never)
- MINIMUM PASSWORD LENGTH – Specify the minimum number of characters required in a password. Enter a number between 10 and 30.
- PREVENT PASSWORD REUSE – Specify the number of previous user passwords which the users will be prevented from reusing.
- UPPERCASE REQUIREMENT – Activate this setting if you want user passwords to contain at least one uppercase character.
- LOWERCASE REQUIREMENT – Activate this setting if you want user passwords to contain at least one lowercase character.
- NUMBER REQUIREMENT – Activate this setting if you want user passwords to contain at least one numerical character.
- NON-ALPHANUMERIC REQUIREMENT – Activate this setting if you want user passwords to contain at least one non-alphanumeric character such as !@#$%^&*().
The second set of security settings is Authorization Security which allows you to control login settings.
- LOGIN ATTEMPTS ALLOWED – Set a number of incorrect login attempts allowed before the user is locked out for a specified amount of time (see the next setting). The number can range from a minimum of 3 to maximum of 10 times.
- LOGIN LOCKDOWN TIME – Set the amount of time for which the user will be locked out after reaching the maximum number of incorrect login attempts. The amount of time can range from a minimum of 3 to a maximum of 60 minutes.
The third set of security settings is Session Security where you can adjust a user’s session settings when logged in.
- SESSION DURATION – The time (in hours) that a session will stay valid before automatically be logged off.
- LOG OFF ON CLOSE – Enabling this logs off the user as soon as he closes his browser.
The fourth set of security settings is IP Access which allows you to restrict users based on IP Address.
- ENABLE IP ACCESS SECURITY – Enable IP access security if you want to restrict platform access to a list of users with specific IP addresses only. You can authorize users by providing their IP addresses in the next setting. Your platform will also be accessible to CMNTY staff.
- IP ADDRESSES – Enter the user IP addresses here to authorize access.
Your IP Address will be added automatically to the list so you won’t be locked out after saving.
The fifth set of security settings for Two Factor Authentication allows you to enable options for a second component of authentication for a user.
- ENABLE GOOGLE AUTHENTICATOR AUTHENTICATION – Decide whether users can choose to use Google Authenticator for two-factor authentication.
- ENABLE EMAIL AUTHENTICATION – Decide whether users can choose to receive an email for two-factor authentication.
- ENABLE SMS AUTHENTICATION – Decide whether users can choose to receive an SMS for two-factor authentication.
The next set of security settings is for Response Headers.
- ENABLE X-FRAME-OPTIONS HEADER – Enable the X-Frame-Options header to disallow putting the platform in an iFrame.
- ENABLE CONTENT-SECURITY-POLICY HEADER – Enable the Content-Security-Policy header to reduce risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP header.
The last security setting is Registration Blacklist.
- Enter the specific domains you want to blacklist from registration to the platform one-at-a-time and save.
- Each domain can be individually removed.