Security administration

Learn how to manage user-related security settings within 6clicks

6clicks provides several mechanisms to secure user access within your tenant. You can adjust the security settings described below within the administration settings module.

To access these administrative settings, navigate to Administration > Settings and then click on the Security tab.


Password Complexity

Use default settings: Sets the password complexity to the recommended default settings: 8-character minimum, requires digit, requires lowercase, requires non-alphanumeric, requires uppercase
Require digit: Requires that a digit or number be used in the password
Require lowercase: Requires that at least one lowercase letter be used in the password
Require non alphanumeric: Requires that at least one non-alphanumeric or special character be used in the password
Require uppercase: Requires that at least one uppercase letter be used in the password

Required length: Enter the password length you require your users to use when creating and using a password

Custom disclaimer

Information on adding a personalized disclaimer to your login page can be found here.

User lockout

The settings in this section control how and when accounts are locked out, and for how long.

As the Enable user account locking on failed login attempts setting indicates, accounts can be set to lock after failed login attempts.

Once this setting is enabled, use the Maximum number of failed login attempts before locking the account setting to choose how many failed login attempts will lock out the account. Use the Account locking duration (in seconds) field to set how long, in seconds, the account stays locked.

Note: If a user is deactivated or locked out, an administrator can re-activate/unlock them from the user administration screen.

The Max days of user inactivity before deactivating setting can be used by administrators to automatically deactivate a user who has not logged in for the specified period. The setting is applicable to all users, including those configured for SSO.

To make sure that certain "break glass" or administrator accounts are always accessible, you have two settings for these accounts that you can review and set. 

  • To make sure the account cannot be deactivated, select and edit the user in Administration > Users and check the setting Do not deactivate when inactivity period reached (if configured).
  • To prevent the account from being locked out, uncheck Enable lockout if too many failed logins. You should set very strong passwords and enable MFA for such accounts.  

Note: 

The "Max days of user inactivity" setting will work when SSO is enabled for a user. However, the "User lockout" setting does not work because this is controlled by the SSO provider.
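
The exemptions and SSO behaviour described in this section can be reviewed periodically against a list of users. The following is an added example, not 6clicks code: the User fields, the sample accounts and the strictly-greater-than inactivity comparison are assumptions, and the data is constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class User:  # hypothetical record; field names are not a 6clicks export format
    name: str
    sso: bool
    mfa: bool
    lockout: bool           # per-user "Enable lockout if too many failed logins"
    never_deactivate: bool  # per-user "Do not deactivate when inactivity period reached"
    last_login: date

def audit(users, max_inactive_days, today):
    """Return (user, finding) pairs for accounts whose settings need review."""
    findings = []
    for u in users:
        idle = (today - u.last_login).days
        if u.sso:
            # Per the page: lockout for SSO users is controlled by the SSO provider.
            findings.append((u.name, "lockout governed by SSO provider"))
        elif not u.lockout and not u.mfa:
            # Page guidance: lockout-exempt accounts should have MFA enabled.
            findings.append((u.name, "lockout disabled without MFA"))
        if u.never_deactivate and not u.mfa:
            findings.append((u.name, "exempt from inactivity deactivation without MFA"))
        # Inactivity applies to all users, including SSO; 0 means not configured.
        # Assumption: deactivation triggers strictly after the configured days.
        if max_inactive_days and idle > max_inactive_days and not u.never_deactivate:
            findings.append((u.name, f"inactive {idle} days: due for deactivation"))
    return findings

# Constructed sample accounts (not real data).
TODAY = date(2024, 6, 1)
USERS = [
    User("breakglass-admin", False, True, False, True, date(2023, 11, 1)),
    User("breakglass-old", False, False, False, True, date(2023, 1, 15)),
    User("alice", False, True, True, False, date(2024, 5, 28)),
    User("bob-sso", True, False, True, False, date(2024, 1, 10)),
]

if __name__ == "__main__":
    for name, finding in audit(USERS, 90, TODAY):
        print(f"{name}: {finding}")
```
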

Multi-Factor Authentication

Multi-factor authentication (MFA) is enabled by default, and is the recommended setting, for seeing a list of teams associated with an account during login.

If you see and can select the following setting, you can enable the use of MFA for your users on a case-by-case basis within your tenant: Logging in after submitting a password (recommended). Note: users requiring 2FA must also have it enabled.

More information on setting up multi-factor authentication can be found here.