Configure Security Policies

For Cyber Security it is important to configure access policies to satisfy your company security requirements.

Note:  Local access only. If an Active Directory (AD) is configured all the AD security policies and email settings override Data Reviewer local security policies.

1. Go to Administration > Access Management > Security Policies.
   
2. Set each policy section (see below).
   1.  Login policy: Sets the maximum number of times a user can attempt to log in before the user is locked-out of their user account and set the length of time they are locked-out for.
   • Maximum number of incorrect logins before lockout (minimum attempts: 3): If this value is exceeded, the user account will be locked.
   • Lockout time (in minutes) before a user can log in again after a lockout: If set to 0, an administrator must unlock the user account.
   • Allow multiple sessions per user: Tick this box to allow multiple sessions.
   • Exclude selected accounts from password expiry: Tick this box to enable the Password never expires option on the User Management page. See Configure Password Expiration.
   • Users can be retired: Tick this box to enable the Retire option on the User Management page. See Retire a User Account.
   2. Sign in policy
   • Is a confirmed email address required? If ticked, all user accounts that have an email address must confirm their email address.
   • Set a session inactivity time (in minutes) before a user is logged out.
   3.  Forgot password policy: Allow three forgot password requests in xx minute. See also Auditor License Option.
   4.  Event log policy: How many days of events that the Event log shows on-screen.
      • If set to 0, the Event log shows all events. See also Auditor License Option.
3. Click on Save Changes.