What are my organization's global settings?

When global settings are set, they impact all users within your organization. This allows you to enforce global MFA & account lockout settings.

Version Number: v1.0.1

Published Date: 14 May 2024

____________________________________________________________________________

Only super users have this section enabled. Please get in touch if you require a superuser for your organization.

Superusers have access to the Global Options screen, which can be accessed via the account drop-down menu. From here they can set the following options, which will apply to all users in their organization.


Account lock threshold

The number of incorrect login attempts a user is permitted before their account is temporarily locked. By default this option is set to 0, which means users can make an unlimited number of incorrect login attempts. The incorrect login counter for each user is reset when they successfully log in, or when they have not tried to log in for an hour (the counter resetting does not cause a locked account to unlock).

This is a security feature intended to limit the rate at which attackers can guess passwords. For example, if the lock threshold is set to 5, and the lock timeout (described below) is set to 60 seconds, an attacker would be able to guess at most 5 passwords per minute, which will make brute-force attacks very difficult.

 

Account Lock Timeout

This refers to how many seconds a user account will remain locked when it has been auto-locked. This does not apply to accounts locked manually via the User Administration Page. A value of 0 will mean the account remains locked indefinitely, or until a super-user manually unlocks it.
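The threshold and timeout rules above can be modelled to check how many password guesses a given pair of settings lets through. The Python model below is an added example, not the product's own code; the Account class, the one-attempt-per-second rate, and the behaviour on auto-unlock and on refused attempts are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

IDLE_RESET_S = 3600  # counter resets after an hour without login attempts

@dataclass
class Account:
    threshold: int   # Account lock threshold (0 = never auto-lock)
    timeout_s: int   # Account Lock Timeout in seconds (0 = locked until manual unlock)
    failures: int = 0
    last_attempt: Optional[float] = None
    locked_at: Optional[float] = None

    def attempt(self, now: float, correct: bool) -> str:
        # Idle reset clears the counter only; it never unlocks the account.
        if self.last_attempt is not None and now - self.last_attempt >= IDLE_RESET_S:
            self.failures = 0
        if self.locked_at is not None:
            if self.timeout_s > 0 and now - self.locked_at >= self.timeout_s:
                # Assumption: the counter starts again from zero after an auto-unlock.
                self.locked_at, self.failures = None, 0
            else:
                # Assumption: attempts refused while locked are not evaluated or counted.
                return "locked"
        self.last_attempt = now
        if correct:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.threshold > 0 and self.failures >= self.threshold:
            self.locked_at = now
        return "bad"

def guesses_evaluated(threshold: int, timeout_s: int, window_s: int) -> int:
    """Count wrong passwords actually checked when one is submitted every second."""
    acct = Account(threshold, timeout_s)
    return sum(acct.attempt(t, correct=False) == "bad" for t in range(window_s))

if __name__ == "__main__":
    for threshold, timeout_s in [(0, 0), (5, 60), (5, 0)]:  # constructed settings
        n = guesses_evaluated(threshold, timeout_s, 3600)
        print(f"threshold={threshold} timeout={timeout_s}s -> {n} guesses checked in 1 hour")
```

With the default threshold of 0 every guess is checked, while a threshold of 5 with a timeout of 0 stops the guessing after five attempts until a super-user unlocks the account.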

 

MFA Enforced?

Enabling this option will require all users in the organization to use Multi-Factor Authentication (MFA). Any user who has not enabled MFA on their account will be unable to log in if this option is enabled. This case can be resolved by a super-user enabling MFA for the user via the Edit User page in User Admin.

When enforcing MFA, super-users should try to ensure that all users in the organization already have MFA enabled before turning on the option, in order to minimize disruption caused by users not being able to log in.

 

MFA Whitelist Time

If a user has MFA enabled, any IP they log in from will be white-listed for the number of days specified here. While the IP is white-listed, MFA will not be required when logging in from it for the specified time. A value of 0 means IPs will not be white-listed, and the user will need to enter an MFA code on each login.