...
To add a new group to the system, select the Access Groups tab and then select from the menu or from the toolbar.
Access Controller - Access Groups tab
| Setting | Description | |||||
|---|---|---|---|---|---|---|
Name | Enter the name of the group. Valid characters are: A-Z, a-z, 0-9, '-' and '_' | |||||
Description | Descriptive information about the group. | |||||
| Allow Access Through SCIM | Allows the group to be accessed using SCIM.
| |||||
Application | This column is a list of the all applications in the system. | |||||
Execute | Check to enable the members of the access group to start an instance of the relevant application. Clear to prohibit the access group members from using it. | |||||
Write | Check to enable the members of the access group to edit and save a configuration within the relevant application. Clear to prohibit the user from doing so.
| |||||
A drop down menu that allows the user to filter on application type. Options are All, Configuration, Inspection, Tools, or Web interface. | ||||||
Select All | Enables Write (if applicable) and Execute for all permissions in the chosen category. | |||||
Disables Write and Execute for all permissions in the chosen category. |
...
Advanced Tab
You use the Advanced tab to specify the number of consecutive erroneous login attempts permitted by a user, enable logging in the System Log when a user fails to login to, and configure user authentication by selecting the relevant authentication method.
Access Controller - Advanced tab
Number of Consecutive Erroneous Login Attempts
In order to configure the maximum number consecutive failed login attempts, open the Advanced tab, and set a value in Number Of Consecutive Erroneous Login Attempts. The default is 3.
When the maximum number of failed login attempts is reached, the user must restart the Desktop. If enhanced user security is enabled, the user account is also locked. For more information, see the section below, Enhanced User Security.
Enable Logging for User Login
In order to configure the system to log failed attempts in the System Log, open the Advanced tab, and select the check box Enable Logging For User Login. Successful logins and locked accounts are always logged regardless of this setting.
Reauthenticate Users after Inactivity
In order to configure the system to reauthenticate users after a period of inactivity in the Desktop or mzsh shell (interactive mode), open the Advanced tab, and select the check box Reauthenticate Users After Inactivity. Then set the maximum inactive time in Time of Inactivity Before Reauthentication (Minutes).
In the Desktop, the duration of time that the user does not perform any actions is counted as inactive time, regardless of ongoing processes.
However, users are not logged out due to inactivity, but must authenticate again in order to continue the session.
In the mzsh shell, the duration of time that the user does not press any key is counted as inactive time, provided that there is no ongoing command execution. Users are logged out as a result of inactivity and are prompted to enter the password again.
Enhanced User Security
...
The default maximum password age is 30 days for administrators , i e that means the users that are members of the Administrator group, and 90 days for other users.
You can modify the password rules with the following Platform properties:
...
This section does not apply if authentication is to be performed by.NOTE:
| Note | ||
|---|---|---|
| ||
For Active directory specific settings check Active Directory Important Information. |
Directory Structure
The LDAP directory that is used for authentication must conform to the following requirements:
...