Security Settings

The Security Settings page is used to configure various settings associated with NICE Uptivity Web Portal security. These settings are typically configured during installation and should be changed only under the direction of Uptivity Support.

This topic explains the settings for your reference.

For more information, see Configuration & Settings Overview.

After making any changes on the Security page, the system requires an IIS restart for the changes to be reflected.

Site Settings

These settings are no longer used in Uptivity.

Forgot Password Settings

Password Max Length
Displays the maximum number of characters a password can contain. There is no minimum requirement unless you enforce password strength; see PCI Settings.
Password special characters length
Displays the number of special characters the password can contain. There is no minimum requirement unless you enforce password strength; see PCI Settings.
Mail Subject
Displays the subject line of the email users receive when they click the "Forgot Your Password?" link.
Mail Body
Displays the body of the email users receive when they click the "Forgot Your Password?" link.

Active Directory Settings

Settings in this section are required if the system uses Active Directory (AD) or combined database/AD authentication (also known as hybrid authentication). For more information, see Roles and Permissions Overview.

In multiple domain environments, Uptivity maintains a separate user account for each user on each domain. For example, if Joe Smith works at two different locations, each with its own domain, user jsmith would be created twice in Uptivity, with one account assigned to each unique domain. Reporting and other features treat the accounts as unique individual users.

Auto Create User on Login
When the checkbox is selected, allows creation of a user account in the Uptivity database the first time a user logs into the system using Windows credentials. The user account is populated with the AD account’s login name, first name, last name, and email address. If the user has accounts on more than one domain, a separate Uptivity account is created for each.
If Using AD Group Role Synch, Delete User's Roles That Do Not Match an AD Group on Login
When your system uses AD Group Role Synch, and this checkbox is selected, any Uptivity roles assigned to an individual user that are not also assigned to that user’s AD group are removed from the user’s account at login.
Name
Displays the name of the AD domain. Multiple domains can be configured. This field is required if you are using AD Group Role Synch.
LDAP String
Displays the Active Directory LDAP string (the LDAP:// portion must be capitalized).
Secure Sockets
When this checkbox is selected, SSL is enabled for communication between Uptivity and the AD server. This effectively turns the LDAP configuration into LDAPS. For this to be enabled, a Certificate Server must be installed to support SSL.
Signing
When this checkbox is selected, LDAP security is enabled for the NICE Uptivity Web Portal. When it is also enabled on the AD server, the connection between the server and the web portal is encrypted. The system will verify the data integrity of the request. For this to be enabled, Secure Sockets must be checked. Enabling this setting is not required to use LDAPS.

For any certificates to work with Signing, the certificate cannot be a self-signed certificate. Signed client and server root CA certificates issued by a trusted certificate authority are required.

Groups
Displays the AD groups configured in Uptivity for synchronization.
Roles
Displays the roles associated with users in each synchronized AD group.

Login Settings

Access Type
Displays the type of authentication used by your system. Possible values are: Database, Active Directory, or Hybrid. The default value is Database.
User Token Expire Time
Displays in minutes the amount of time between mouse clicks before a user token expires. User tokens monitor activity for a user ID within the site. The system refreshes the timestamp and expiration of the token every time a user clicks on something. Once the token expires, the user's next action will log them out and bring them back to the login screen. The default value is 5.
Login Token Expire Time
Displays an amount of time in seconds. Login tokens are passed to the database when a user clicks the login button. Once the session is established, the token is expunged from the database. If something interrupts the transaction or the process encounters an error, the token may be left behind, and this timeout triggers it to be automatically deleted. The default value is 31.
Integration Token Expire Time
This setting is no longer used in Uptivity

PCI Settings

PCI Settings are optional settings that control password policy for Uptivity user accounts, based on the PCI Security Standards Council's Data Security Standard (viewable at their website). Passwords are automatically "salted" by Uptivity, and password changes are tracked through both the Audit Log and the System Activity Summary Report.

Changing these settings in the web portal does not automatically force users to change their passwords. The settings do not affect users until their passwords are changed, either by the user or an administrator. To enforce PCI settings, you must force users to change their passwords or change the passwords for them.

These settings apply only to database user accounts and do not impact Windows accounts used by Premises systems with AD or combined AD/database authentication.

Password Strength Enforcement
When the checkbox is selected, forces all new passwords to be a minimum of eight characters in length and to contain at least one of each of the following:
  • lowercase letters
  • UPPERCASE letters
  • Numbers
  • Special characters

The default value is not selected.

Prompt User to Change Password Before Expiration
When the checkbox is selected, controls how long a password can remain active. This applies to all Uptivity accounts, including those with superuser access. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected.
Number of Days Before Password Expires
Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days a password can remain active. This value cannot be set to 0. The default value is 1.
Number of Days of Warning Before Password Expires
Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days in advance Uptivity will warn the user that their password is about to expire. Setting this value to 0 causes all passwords to expire immediately. The default value is 1.
Prevent Re-use of Password
When the checkbox is selected, password changes are checked against a password history to prevent reuse. Uptivity does not trace passwords unless this feature is enabled, so the reuse look-back will not consider or compare passwords used before this setting was enabled. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected.
Number of Previous Passwords to Check
Available only if Prevent Re-use of Password is selected. Specifies how many historical passwords Uptivity will check to see if the password has previously been used.
Number of days between password change
Available only if Prevent Re-use of Password is selected. Specifies how many days of password history Uptivity will check to see if the password has previously been used.
Limit failed login attempts
When the checkbox is selected, user accounts are locked after a specified number of failed login attempts has been reached. Locked accounts must be unlocked by an administrative user before the user may attempt another login. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected.
Maximum number of failed login attempts to allow
Available only if Limit failed login attempts is selected. Specifies the number of times a user can attempt to log in before their account is locked. The default value is 0.
Lockout Superuser after limit reached?
Available only if Limit failed login attempts is selected. When the checkbox is selected, failed login settings apply to all accounts, including those with superuser access. When the checkbox is cleared, superuser accounts cannot be locked out.

Administrative users can manually change a user's password to anything that meets the complexity requirements in force, including previously used passwords. This setting affects only users changing their own passwords.

HTTP/HTTPS Settings

Force the site to use HTTPS
When the checkbox is selected, Uptivity secures web browser cookies (ASP.NET_SessionID) by setting the secure flag. This prevents cookies from being sent across non-https connections and is a PCI-compliant feature.

Related Tasks