Configuring user security settings

The user-account security settings configure the password, login, and user-session settings for local users.

Learn more

Procedure

To configure security settings for local users, complete the following steps.

From the XClarity Orchestrator menu bar, click Administration () > Security, and then click Account Security Settings in the left navigation to display the Account Security Settings card.

Configure the following security settings.

Security setting	Description	Allowed values	Default values
Password expiration period	Amount of time, in days, that a user can use a password before it must be changed Lower values reduce the amount of time that attackers have to guess passwords. If set to 0, passwords never expire.	0 – 365	0
Password expiration warning period	Amount of time, in days, before the password-expiration date when users begin to receive warnings about an impending expiration of the user password If set to 0, users are not warned.	0 – 30	0
Minimum password reuse cycle	Minimum number of times that a unique password must be specified when changing the password before the user can start to reuse passwords If set to 0, users can reuse passwords immediately.	0 – 10	5
Minimum password change interval	Minimum amount of time, in hours, that must elapse before a user can change a password again after it was previously changed The value specified for this setting cannot exceed the value specified for the Password expiration period setting. If set to 0, users can change passwords immediately.	0 – 240	1
Maximum number of login failures	Maximum number of times that a user can attempt to log in with an incorrect password before the user account is locked Note Consecutive login attempts using the same username and password count as a single failed login. If set to 0, accounts are never locked.	0 – 10	5
Failed login counter reset	Amount of time since the last failed login attempt before the Maximum number of login failures counter is reset to 0. If set to 0, the counter never resets. For example, if the maximum number of login failures is 2, and you fail your login once, then fail it a second time 24 hours later, the system registers that you have failed your login twice, and your account is locked out. Note This setting applies only when the Maximum number of login failures setting is set to 1 or greater.	0 – 60	15
Lockout period after maximum login failures	Minimum amount of time, in minutes, after which a locked user can attempt to log back in again A user account that is locked cannot be used to gain access to XClarity Orchestrator even if a valid password is provided. If set to 0, user accounts are never locked. Note This setting applies only when the Maximum number of login failures setting is set to 1 or greater.	0 – 2880	60
Web inactivity session timeout	Amount of time, in minutes, that a user session established with the orchestrator server can be inactive before the user session expires and the user is automatically logged out. This timeout applies to all actions (such as opening a page, refreshing the current page, or modifying data). This is the primary timeout for the user session. When a session is active, this timer resets every time the user performs any action. After the timeout value is exceeded, the login page is displayed the next time the user attempts to perform an action. If set to 0, this timeout is disabled. Note Changing this setting immediately affects all user sessions, regardless of authentication type. Existing sessions that have been inactive for longer than the new time-out value are expired.	0, 60 – 1440	1440
Web inactivity timeout for full operations	Amount of time, in minutes, that a user session established with the orchestrator server can be inactive before the actions that modify data (such as creating, updating, or deleting a resource) are disabled This is an optional secondary timeout and is shorter than the primary Web inactivity session timeout value. When a session is active, this timer resets every time the user performs any action. If this timeout value is exceeded but the primary Web inactivity session timeout value is not exceeded, the user is restricted to read-only actions (such as opening or refreshing a page) until the primary Web inactivity session timeout value is exceeded; however, if the user attempts to perform an action that modifies data, the user session expires and the login page is displayed. If set to 0, this timeout is disabled. Note Changing this setting immediately affects all user sessions, regardless of authentication type. Existing sessions that have been inactive for longer than the new time-out value are expired.	0, 15 – 60	30
Mandatory expiration time of a web-based session	Amount of time, in hours, that a user session established with the orchestrator server can be open before the user is automatically logged out, regardless of user activity Note Changing this setting immediately affects all user sessions, regardless of authentication type. Existing sessions that have been inactive for longer than the new timeout value are expired.	24 – 240	24
Minimum password length	Minimum number of characters that can be used to specify a valid password	8 – 256	256
Maximum password length	Maximum number of characters that can be used to specify a valid password	8 – 128	128
Maximum active sessions for a specific user	Maximum number of active sessions for a specific user that are allowed at any given time. When the maximum number is reached, the oldest active session for a user (based on the creation timestamp) is removed before a new session is created for that user. If set to 0, an unlimited number of active sessions is allowed for a specific user. Note Only user sessions that start after the setting is changed are affected.	0 – 20	20
Number of complexity rules that must be followed when creating a new password	Number of complexity rules that must be followed when creating a new password Rules are enforced starting with rule 1, and up to the number of rules specified. For example, if the password complexity is set to 4, then rules 1, 2, 3 and 4 must be followed. If the password complexity is set to 2, then rules 1 and 2 must be followed. XClarity Orchestrator supports the following password complexity rules. Must contain at least one alphabetic character, and must not have more than two sequential characters, including sequences of alphabetic characters, digits, and QWERTY keyboard keys (for example, “abc”, “123”, and “asd” are not allowed) Must contain at least one number Must contain at least two of the following characters. Uppercase alphabetic characters (A – Z) Lowercase alphabetic characters (a – z) Special characters ; @ _ ! ' $ & + White space characters are not allowed. Must not repeat or reverse the use name. Must not contain more than two of the same characters consecutively (for example, “aaa”, “111”, and “...” are not allowed). If set to 0, passwords are not required to comply with any complexity rules.	0 – 5	4
Force user to change password on first access	Indicates whether a user is required to change the password when logging in to XClarity Orchestrator for the first time	Yes or No	Yes

Click Apply.
After the changes are applied, the new settings take effect immediately. If you change password policies, those policies are enforced the next time a user logs in or changes the password.

After you finish

You can perform the following action from the Account Security Settings card.

To reset these settings to the default values, click Restore defaults.

Give documentation feedback