Modify rules in the Security tab to align your policies with a customer's requirements.
- Session Timeout - This value determines how many minutes users will be able to have an idle session before being forced to log in again. Users can choose to continue the session without being logged out. They'll be prompted 30 seconds before the session is closed.
- Store Credentials - Use this Boolean option to hide the 'Stay Logged In' checkbox from the login screen.
- Keep Credentials for (Days) - Force a user to log in after this many days of 'Stay Logged In' being selected.
To remove stored credentials simply select logout under the user icon in the top right corner. You'll be returned to the log in page and that option will be deselected.
- Maximum Login Attempts - Once a user fails to enter the correct password this many times their account will be disabled and require admin intervention.
- Minimum Length - A password with fewer characters will not be allowed.
- Special Character List - Special characters not in the list will not be allowed in new passwords. Designers can override the default special character list.
- Password Expiration Length in Days - Prompt users to change their passwords at a designated interval. The default is -1, which means passwords will never expire.
There are also 4 requirement options for enhanced security. Check these options to require specific types of characters to be used in a password:
- At least one lower case letter: "[^a-z]"
- At least one uppercase letter: "[^A-Z]"
- At least one number: "[^0-9]"
- At least one special character: "[/\|_!@#$%^&*()=+.-]"
See the SSO article next.