Configuring your ClientSpace authentication settings

Application security, password settings, and account lockouts are configured in Authentication Settings. Global admins can administer the password and two-factor authentication settings.

Password settings

Passwords are required to access ClientSpace and are hashed one-way before they are stored. The site uses 2048 SSL encryption. When a password is changed, the system records the date and time of the change in the DatePasswordSet field on the User table. Optionally, a scheduled process can run regularly to compare the current date against this field and require the user to reset the password if its age exceeds a set threshold. Security configurations are stored in an Install Security table within the database.

Password and account security options are as follows:

Minimum password length (default is 7 characters)
Password complexity (default requires at least two types of characters, such as alpha-numeric)
Number of failed attempts before account lockout (default is 5 attempts)
Lockout duration (default is 30 minutes)

Additionally, the Session Expiration setting can be used to make ClientSpace sessions time out after a set amount of inactivity, which logs the user out of the system. When this occurs, the user receives a Session Expired message in the browser.

Two factor authentication settings

In the two-factor authentication (2FA) fieldset, you enable and configure 2FA for your ClientSpace installation. These settings are used to generate a code that is sent to users as a second form of authentication.

To access your settings:

  1. Go to System Admin > Security > Authentication Settings.
    The Authentication Settings form opens.
  2. In the Password Settings fieldset, configure the following settings:

Password Length

Minimum length of a user password.

Password Complexity

Minimum complexity of a user password (up to 3 levels). You can require up to 3 levels (of 4 options) of password complexity, which is stored in the Install Security table. The 4 options for password complexity are:

Letters required
Numbers required
Mixed Case (upper and lower) required
Special Characters required

For help in configuring the password complexity, log an Extranet case. Support can help you configure the password complexity level of your installation for up to 3 levels of complexity. The system then checks each of the complexity options and allows authentication if the password meets the required levels.

Password Reset

Amount of time in days from the last password reset before a user is forced to change their password (unless the Password Never Expires option is selected). See Adding and editing user accounts.

Login Attempts before lockout

Number of failed login attempts before a user account is locked.

Lockout Duration

Amount of time in minutes before a locked user account automatically unlocks.

Note: If a locked user needs to access the system before the lockout duration expires, a Global Admin user can unlock the user. See Resetting a User Password and Unlocking a User.

Session Expiration

Number of minutes of inactivity allowed before a session is automatically expired.

  3. In the Two Factor Authentication Settings fieldset, configure the following settings:

Enable TFA

Select this option to enable two factor authentication.

TFA Valid Characters

The valid characters that are allowed when constructing the Authentication Code. Example: abcdefghijklmnopqrstuvwxyz1234567890

TFA Code Length

The length of the 2FA authentication code for the user.

TFA Code Expiration Minutes

Number of minutes after which the delivered Authentication Code expires.

TFA Code Expiration Days

Number of days after which the delivered Authentication Code expires.

  4. Click Save.

For help or changes to these configurations, log an Extranet case.
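
The TFA Valid Characters and TFA Code Length settings together decide how hard a delivered code is to guess. The following is an added example, not ClientSpace code, that estimates that resistance for a proposed pair of values. It assumes each code position is drawn independently and uniformly from the configured string, and that the number of guesses available is supplied by the reviewer; the function names are hypothetical.

```python
import math
from collections import Counter


def tfa_code_strength(valid_chars: str, code_length: int, guesses: int) -> dict:
    """Estimate guess resistance of a code built from the two TFA settings.

    Assumptions (not stated on the page): each code position is drawn
    independently and uniformly from the positions of valid_chars, and an
    attacker gets `guesses` tries before the code expires or the account locks.
    """
    if not valid_chars or code_length < 1 or guesses < 0:
        raise ValueError("need a non-empty character set, length >= 1, guesses >= 0")
    counts = Counter(valid_chars)
    # A character listed twice is twice as likely to be picked, which weakens the code.
    p_max = max(counts.values()) / len(valid_chars)
    best_single_guess = p_max ** code_length
    return {
        "distinct_chars": len(counts),
        "repeated_chars": sorted(c for c, n in counts.items() if n > 1),
        "keyspace": len(counts) ** code_length,
        "min_entropy_bits": round(-code_length * math.log2(p_max), 2),
        # Union bound over the most likely codes; exact when no character repeats.
        "guess_probability": min(1.0, guesses * best_single_guess),
    }


def min_code_length(valid_chars: str, guesses: int, max_probability: float) -> int:
    """Smallest TFA Code Length that keeps guess_probability <= max_probability."""
    if len(set(valid_chars)) < 2 or not 0 < max_probability < 1:
        raise ValueError("need >= 2 distinct characters and 0 < max_probability < 1")
    length = 1
    while tfa_code_strength(valid_chars, length, guesses)["guess_probability"] > max_probability:
        length += 1
    return length


if __name__ == "__main__":
    # Character set copied from the page's example. The code length of 6 is a
    # constructed sample value, and 5 guesses borrows the default lockout threshold.
    alphabet = "abcdefghijklmnopqrstuvwxyz1234567890"
    print(tfa_code_strength(alphabet, 6, guesses=5))
    print(tfa_code_strength("0123456789", 4, guesses=5))
    print(min_code_length("0123456789", guesses=5, max_probability=1e-6))
```

A character set with repeated entries reports them in repeated_chars, and its min_entropy_bits drops below what the distinct character count alone would suggest.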