Page Details: Security Settings

The Security Settings page is used to configure various settings associated with inContact WFO Web Portal security. These settings are typically configured during installation and should be changed only under the direction of inContact WFO Support.

This topic explains the settings for your reference.

For more information, see Configuration & Settings Overview.

Site Settings

Site Settings are used only in installations that include both inContact WFO and inContact Workforce Management v1 to enable users to log in to one web portal and then access the other portal without having to log in again. If you have a standalone inContact WFM v1 system, this section does not apply.

Clarity
Displays the IP address or host name of the server hosting the inContact WFM v1 Web Portal. This address includes a port number if both web portals are hosted on the same server (for example, http://192.168.0.1:8008). The address must begin with http:// (or https:// if SSL is in use).
Discover
Displays the IP address or host name of the server hosting the inContact WFO Web Portal. The address must begin with http:// (or https:// if SSL is in use).

Forgot Password Settings

Password Max Length
Displays the maximum number of characters a password can contain. There is no minimum requirement unless you enforce password strength; see PCI Settings.
Password special characters length
Displays the number of special characters the password can contain. There is no minimum requirement unless you enforce password strength; see PCI Settings.
Mail Subject
Displays the subject line of the email users receive when they click the "Forgot Your Password?" link.
Mail Body
Displays the body of the email users receive when they click the "Forgot Your Password?" link.

Active Directory Settings

This feature is not available in Hybrid deployments.

Settings in this section are required if the system uses Active Directory (AD) or combined database/AD authentication (also known as hybrid authentication). For more information, see Roles and Permissions Overview.

In multiple domain environments, inContact WFO maintains a separate user account for each user on each domain. For example, if Joe Smith works at two different locations, each with its own domain, user jsmith would be created twice in inContact WFO, with one account assigned to each unique domain. Reporting and other features treat the accounts as unique individual users.

Auto Create User on Login
When the checkbox is selected, allows creation of a user account in the inContact WFO database the first time a user logs into the system using Windows credentials. The user account is populated with the AD account’s login name, first name, last name, and email address. If the user has accounts on more than one domain, a separate inContact WFO account is created for each.
If Using AD Group Role Synch, Delete User's Roles That Do Not Match an AD Group on Login
When your system uses AD Group Role Synch, and this checkbox is selected, any inContact WFO roles assigned to an individual user that are not also assigned to that user’s AD group are removed from the user’s account at login.
Name
Displays the name of the AD domain. Multiple domains can be configured. This field is required if you are using AD Group Role Synch.
LDAP String
Displays the Active Directory LDAP string (the LDAP:// portion must be capitalized).
Secure Sockets
When this checkbox is selected, SSL is enabled for communication between inContact WFO and the AD server.
Signing
When this checkbox is selected, LDAP security is enabled for the web portal. When it is also enabled on the AD server, the connection between the server and the web portal is encrypted.
Groups
Displays the AD groups configured in inContact WFO for synchronization.
Roles
Displays the roles associated with users in each synchronized AD group.

Login Settings

Access Type
Displays the type of authentication used by your system. Possible values are: Database, Active Directory, or Hybrid. The default value is Database.
User Token Expire Time
Displays in minutes the amount of time between mouse clicks before a user token expires. User tokens monitor activity for a user ID within the site. The system refreshes the timestamp and expiration of the token every time a user clicks on something. Once the token expires, the user's next action will log them out and bring them back to the login screen. The default value is 5.
Login Token Expire Time
Displays an amount of time in seconds. Login tokens are passed to the database when a user clicks the login button. Once the session is established, the token is expunged from the database. If something interrupts the transaction or the process encounters an error, the token may be left behind, and this timeout triggers it to be automatically deleted. The default value is 31.
Integration Token Expire Time
Displays an amount of time in seconds. This setting applies only to systems that include both inContact WFO and inContact Workforce Management v1. Integration tokens are similar to login tokens, but are created when a user transitions from the inContact WFO Web Portal to the inContact WFM v1 Web Portal, or vice versa. As soon as this transaction is complete, the token is removed from the database. If something interrupts the transaction or the process encounters an error, the token may be left behind, and this timeout triggers it to be automatically deleted. The default value is 120.

PCI Settings

PCI Settings are optional settings that control password policy for inContact WFO user accounts, based on the PCI Security Standards Council's Data Security Standard (viewable at their website). Passwords are automatically "salted" by inContact WFO, and password changes are tracked through both the Audit Log and the System Activity Summary Report.

Changing these settings in the web portal does not automatically force users to change their passwords. The settings do not affect users until their passwords are changed, either by the user or an administrator. To enforce PCI settings, you must force users to change their passwords or change the passwords for them.

These settings apply only to database user accounts and do not impact Windows accounts used by Premises systems with AD or combined AD/database authentication.

Password Strength Enforcement
When the checkbox is selected, forces all new passwords to be a minimum of eight characters in length and to contain at least one of each of the following:
  • lowercase letters
  • UPPERCASE letters
  • Numbers
  • Special characters

The default value is not selected.

Prompt User to Change Password Before Expiration
When the checkbox is selected, controls how long a password can remain active. This applies to all inContact WFO accounts, including those with superuser access. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected.
Number of Days Before Password Expires
Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days a password can remain active. This value cannot be set to 0. The default value is 1.
Number of Days of Warning Before Password Expires
Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days in advance inContact WFO will warn the user that their password is about to expire. Setting this value to 0 causes all passwords to expire immediately. The default value is 1.
Prevent Re-use of Password
When the checkbox is selected, password changes are checked against a password history to prevent reuse. inContact WFO does not trace passwords unless this feature is enabled, so the reuse look-back will not consider or compare passwords used before this setting was enabled. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected.
Number of Previous Passwords to Check
Available only if Prevent Re-use of Password is selected. Specifies how many historical passwords inContact WFO will check to see if the password has previously been used.
Number of days between password change
Available only if Prevent Re-use of Password is selected. Specifies how many days of password history inContact WFO will check to see if the password has previously been used.
Limit failed login attempts
When the checkbox is selected, user accounts are locked after a specified number of failed login attempts has been reached. Locked accounts must be unlocked by an administrative user before the user may attempt another login. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected.
Maximum number of failed login attempts to allow
Available only if Limit failed login attempts is selected. Specifies the number of times a user can attempt to log in before their account is locked. The default value is 0.
Lockout Superuser after limit reached?
Available only if Limit failed login attempts is selected. When the checkbox is selected, failed login settings apply to all accounts, including those with superuser access. When the checkbox is cleared, superuser accounts cannot be locked out.

Administrative users can manually change a user's password to anything that meets the complexity requirements in force, including previously used passwords. This setting affects only users changing their own passwords.

HTTP/HTTPS Settings

Force the site to use HTTPS
When the checkbox is selected, inContact WFO secures web browser cookies (ASP.NET_SessionID) by setting the secure flag. This prevents cookies from being sent across non-https connections and is a PCI-compliant feature.

Related Tasks