Site Settings |
---|
Force the site to use HTTPS | When the checkbox is selected, Uptivity secures web browser cookies (ASP.NET_SessionID) by setting the secure flag. This prevents cookies from being sent across non-HTTPS connections and is a PCI-compliant feature. |
Native Authentication Settings |
---|
Enable Native Authentication | When the checkbox is selected, Native Authentication is used. |
Password Max Length | Displays the maximum number of characters a password can contain. There is no minimum requirement unless you enforce password strength. |
Password special characters length | Displays the number of special characters the password can contain. There is no minimum requirement unless you enforce password strength. |
Mail Subject | Displays the subject line of the email users receive when they click the "Forgot Your Password?" link. |
Mail Body | Displays the body of the email users receive when they click the "Forgot Your Password?" link. |
The PCI Settings section is optional. These settings control password policy for Uptivity user accounts, based on the PCI Security Standards Council's Data Security Standard (viewable at their website). Passwords are automatically "salted" by Uptivity, and password changes are tracked through both the Audit Log and the System Activity Summary Report. Changing these settings in the web portal does not automatically force users to change their passwords. The settings do not affect users until their passwords are changed, either by the user or an administrator. To enforce PCI settings, you must force users to change their passwords or change the passwords for them. These settings apply only to database user accounts and do not impact Windows accounts used by Uptivity systems with AD or combined AD/database authentication. |
Password Strength Enforcement | When the checkbox is selected, forces all new passwords to be a minimum of eight characters in length and to contain at least one of each of the following: lowercase letters, UPPERCASE letters, numbers, and special characters. The default value is not selected. |
Limit failed login attempts checkbox | When the checkbox is selected, user accounts are locked after a specified number of failed login attempts has been reached. Locked accounts must be unlocked by an administrative user before the user may attempt another login. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected. |
Limit failed login attempts field | Available only if Limit failed login attempts is selected. Specifies the number of times a user can attempt to log in before their account is locked. The default value is 0. |
Lockout Superuser after limit reached? | Available only if Limit failed login attempts is selected. When the checkbox is selected, failed login settings apply to all accounts, including those with superuser access. When the checkbox is cleared, superuser accounts cannot be locked out. |
Enforce Password Expiration | When the checkbox is selected, controls how long a password can remain active. This applies to all Uptivity accounts, including those with superuser access. |
Prompt User to Change Password Before Expiration | When the checkbox is selected, users receive a notification prior to their password expiring. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected. |
Number of Days Before Password Expires | Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days a password can remain active. This value cannot be set to 0. The default value is 1. |
Number of Days of Warning Before Password Expires | Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days in advance Uptivity will warn the user that their password is about to expire. Setting this value to 0 causes all passwords to expire immediately. The default value is 1. |
Prevent Re-use of Password | When the checkbox is selected, password changes are checked against a password history to prevent reuse. Uptivity does not trace passwords unless this feature is enabled, so the reuse look-back will not consider or compare passwords used before this setting was enabled. Must be used in conjunction with one or both of the following two settings, which appear only if this option is selected. |
Number of Previous Passwords to Check | Available only if Prevent Re-use of Password is selected. Specifies how many historical passwords Uptivity will check to see if the password has previously been used. |
Number of days between password change | Available only if Prompt User to Change Password Before Expiration is selected. Specifies the number of days a password can remain active. This value cannot be set to 0. The default value is 1. |
User Token Expire Time | Displays in minutes the amount of time between mouse clicks before a user token expires. User tokens monitor activity for a user ID within the site. The system refreshes the timestamp and expiration of the token every time a user clicks on something. Once the token expires, the user's next action will log them out and bring them back to the login screen. The default value is 5. |
Login Token Expire Time | Displays an amount of time in seconds. Login tokens are passed to the database when a user clicks the Login button. Once the session is established, the token is expunged from the database. If something interrupts the transaction or the process encounters an error, the token may be left behind, and this timeout triggers it to be automatically deleted. The default value is 31. |
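
The Password Strength Enforcement and Prevent Re-use of Password rules described above can be sketched as follows. This is an added example, not Uptivity code: the PBKDF2 scheme, the definition of "special character" as ASCII punctuation, and all function names are assumptions, since the page states only that passwords are salted.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8  # minimum stated for Password Strength Enforcement


def strength_failures(password):
    """Return the strength rules from the page that the password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.isdigit() for c in password):
        failures.append("number")
    # Assumption: "special character" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        failures.append("special")
    return failures


def hash_password(password, salt=None):
    """Salted PBKDF2 record (assumed scheme; the page only says 'salted')."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def is_reused(candidate, history, look_back):
    """Check the newest `look_back` records of an oldest-first history."""
    recent = history[-look_back:] if look_back > 0 else []
    for salt, stored in recent:
        # Each record has its own salt, so the candidate is re-hashed per record.
        _, digest = hash_password(candidate, salt)
        if hmac.compare_digest(digest, stored):
            return True
    return False


def change_password(candidate, history, look_back, track_history=True):
    """Apply both checks; history grows only while tracking is enabled."""
    failures = strength_failures(candidate)
    if failures:
        return False, failures
    if track_history and is_reused(candidate, history, look_back):
        return False, ["reused"]
    if track_history:
        history.append(hash_password(candidate))
    return True, []
```

Calling `change_password` with `track_history=False` leaves the history empty, which is why a password used before the reuse setting was enabled is accepted again afterwards.
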
Active Directory Settings |
---|
Settings in this section are required if the system uses Active Directory (AD) or combined database/AD authentication (also known as hybrid authentication). For more information, see Roles and Permissions Overview. In multiple domain environments, Uptivity maintains a separate user account for each user on each domain. For example, if Joe Smith works at two different locations, each with its own domain, user jsmith would be created twice in Uptivity, with one account assigned to each unique domain. Reporting and other features treat the accounts as unique individual users. For AD Role Sync to work properly, users cannot be members of multiple groups that sync. The following checkboxes must be selected and a role must be selected for the user to have access to features in Uptivity. |
Enable Active Directory Authentication | When the checkbox is selected, Active Directory Authentication is used. |
Auto Create User on Login | When the checkbox is selected, allows creation of a user account in the Uptivity database the first time a user logs into the system using Windows credentials. The user account is populated with the AD account’s login name, first name, last name, and email address. If the user has accounts on more than one domain, a separate Uptivity account is created for each. When a user is auto-created, they do not have Roles assigned unless they are in a Group that has Roles assigned to that Group. Roles assigned to users can be edited by an administrator after the user logs on for the first time. |
If Using AD Group Role Synch, Delete User's Roles That Do Not Match an AD Group on Login | When your system uses AD Group Role Synch, and this checkbox is selected, any Uptivity roles assigned to an individual user that are not also assigned to that user’s AD group are removed from the user’s account at login. |
Click Add Domain to bring up domain settings. Once added, you can click Delete to remove it. Domain settings are explained below. |
Domain Name | Displays the name of the AD domain. Multiple domains can be configured. This field is required if you are using AD Group Role Synch. |
LDAP String | Displays the Active Directory LDAP string (the LDAP:// portion must be capitalized). |
Secure Sockets | When this checkbox is selected, SSL is enabled for communication between Uptivity and the AD server. This effectively turns the LDAP configuration into LDAPS. |
Signing | When Secure Sockets is checked, the option for certificate signing is available. Check this box if the certificate for the Secure LDAP is installed as a Trusted CA and is required to connect to the Secure LDAP server. |
Groups | Displays the AD groups configured in Uptivity for synchronization. Click the Add Group button to add groups to the domain. Click Delete Group to remove a group from the domain. |
Roles | Displays the roles associated with users in each synchronized AD group. Click Add / Edit Roles to add a new role to the domain or configure an existing role. Adding a role is necessary for the feature to work, although it is not marked as required by the system. |
SAML 2.0 Settings |
---|
Enable SAML 2.0 Authentication | When this checkbox is selected, SAML 2.0 Authentication is used. |