Difference between revisions of "NF1.0 User Locking"
CarlosRuiz (talk | contribs) |
|||
| (40 intermediate revisions by 3 users not shown) | |||
| Line 7: | Line 7: | ||
'''Description:''' | '''Description:''' | ||
| − | This new feature allows implement user locking on some events: | + | This new feature allows to implement user locking on some events: |
* Maximum account locking in minutes | * Maximum account locking in minutes | ||
| Line 14: | Line 14: | ||
* Maximum password age in days | * Maximum password age in days | ||
| + | These parameters are configured in "System Configurator" window | ||
| − | + | * USER_LOCKING_MAX_ACCOUNT_LOCK_MINUTES | |
| + | * USER_LOCKING_MAX_INACTIVE_PERIOD_DAY | ||
| + | * USER_LOCKING_MAX_LOGIN_ATTEMPT | ||
| + | * USER_LOCKING_MAX_PASSWORD_AGE_DAY | ||
| − | + | == Maximum Login Attempts == | |
| + | '''How to configure the system to lock the user account at the third failed attempt login:''' | ||
| − | [[Category:New Features | + | 1. In "System Configuration" window, find record "USER_LOCKING_MAX_LOGIN_ATTEMPT". |
| − | [[Category: | + | |
| + | 2. Set value for field "Configured Value". | ||
| + | |||
| + | [[File:Screenshot17.png]] | ||
| + | * at the third failed attempt, the user account will be locked | ||
| + | |||
| + | 3. Log out. | ||
| + | |||
| + | Login with another user, use password or user incorrect. | ||
| + | |||
| + | [[File:Screenshot13.png]] | ||
| + | |||
| + | [[File:Screenshot14.png]] | ||
| + | |||
| + | [[File:Screenshot15.png]] | ||
| + | |||
| + | Try to log in for the fourth time and the system will ask you to contact your system administrator to unlock user's account. | ||
| + | |||
| + | [[File:Screenshot16.png]] | ||
| + | |||
| + | Log in with "GardenAdmin". Use the "Reset Locked Account" process to unlock the user account. | ||
| + | |||
| + | [[File:Screenshot18.png]] | ||
| + | |||
| + | [[File:Screenshot19.png]] | ||
| + | * Now the user will be able to log in. | ||
| + | |||
| + | == Maximum Password Age == | ||
| + | |||
| + | '''How to configure the system to lock the user account using maximum password age in days:''' | ||
| + | |||
| + | 1. In "System Configuration" window, find record "USER_LOCKING_MAX_PASSWORD_AGE_DAY". | ||
| + | |||
| + | 2. Set value for field "Configured Value". | ||
| + | |||
| + | [[File:Screenshot20.png]] | ||
| + | |||
| + | 3. Log out. | ||
| + | |||
| + | Log in with another user. Where value of "Date Password Changed" is more than 30 days ago, in "User" window. | ||
| + | |||
| + | [[File:Screenshot21.png]] | ||
| + | |||
| + | Will be directed to change password screen. | ||
| + | |||
| + | [[File:Screenshot22.png]] | ||
| + | |||
| + | == Maximum Inactive Period == | ||
| + | |||
| + | '''How to configure the system to lock the user account using maximum inactive period in days:''' | ||
| + | |||
| + | 1. In "System Configuration" window, find record "USER_LOCKING_MAX_INACTIVE_PERIOD_DAY". | ||
| + | |||
| + | 2. Set value for field "Configured Value". | ||
| + | |||
| + | [[File:Screenshot23.png]] | ||
| + | |||
| + | 3. Log out. | ||
| + | |||
| + | Log in with another user. Where value of "Date Last Login" is more than 10 days ago, in "User" window. | ||
| + | |||
| + | [[File:Screenshot24.png]] | ||
| + | * Remember to use the "Reset Locked Account" process to unlock the user account | ||
| + | |||
| + | '''Technical Info:''' [http://idempiere.atlassian.net/browse/IDEMPIERE-373 IDEMPIERE-373] | ||
| + | |||
| + | See also [[NF6.2_Warning_on_Password_Expiration|Warning on Password Expiration]] | ||
| + | |||
| + | [[en:NF1.0 User Locking]] | ||
| + | [[de:NF1.0 Nutzersperren erweitert]] | ||
| + | |||
| + | |||
| + | [[Category:New Features|S]] | ||
| + | [[Category:New Features v1.0|S]] | ||
| + | [[Category:New Features Security]] | ||
| + | [[Category:User Manual]] | ||
| + | [[Category:Security]] | ||
| + | [[Category:Role]] | ||
| + | [[Category:User]] | ||
Latest revision as of 10:53, 29 August 2019
Feature: User Locking
Goal: Security
Sponsor: Trek Global
Description:
This new feature allows to implement user locking on some events:
- Maximum account locking in minutes
- Maximum inactive period in days
- Maximum number of login attempts
- Maximum password age in days
These parameters are configured in "System Configurator" window
- USER_LOCKING_MAX_ACCOUNT_LOCK_MINUTES
- USER_LOCKING_MAX_INACTIVE_PERIOD_DAY
- USER_LOCKING_MAX_LOGIN_ATTEMPT
- USER_LOCKING_MAX_PASSWORD_AGE_DAY
Maximum Login Attempts
How to configure the system to lock the user account at the third failed attempt login:
1. In "System Configuration" window, find record "USER_LOCKING_MAX_LOGIN_ATTEMPT".
2. Set value for field "Configured Value".
* at the third failed attempt, the user account will be locked
3. Log out.
Login with another user, use password or user incorrect.
Try to log in for the fourth time and the system will ask you to contact your system administrator to unlock user's account.
Log in with "GardenAdmin". Use the "Reset Locked Account" process to unlock the user account.
* Now the user will be able to log in.
Maximum Password Age
How to configure the system to lock the user account using maximum password age in days:
1. In "System Configuration" window, find record "USER_LOCKING_MAX_PASSWORD_AGE_DAY".
2. Set value for field "Configured Value".
3. Log out.
Log in with another user. Where value of "Date Password Changed" is more than 30 days ago, in "User" window.
Will be directed to change password screen.
Maximum Inactive Period
How to configure the system to lock the user account using maximum inactive period in days:
1. In "System Configuration" window, find record "USER_LOCKING_MAX_INACTIVE_PERIOD_DAY".
2. Set value for field "Configured Value".
3. Log out.
Log in with another user. Where value of "Date Last Login" is more than 10 days ago, in "User" window.
* Remember to use the "Reset Locked Account" process to unlock the user account
Technical Info: IDEMPIERE-373
See also Warning on Password Expiration
