iPassport allows each account to customise their password complexity settings to force users to include a non-alphanumeric character, number or uppercase letter in their passwords. The settings can be found in ‘User Logon Settings’.
When a user is changing their password the system will notify them if their new password does not match the requirements. After the password preferences have been changed, the system will also inform users when they log into the system if their password does not match the new requirements and will prompt them to update it.
Navigate to Administration -> Settings -> System Settings -> User Logon Settings.
‘Block re-use of previous password’. Once checked ensures that a user can never use a password that they have previously used within iPassport.
‘Lockout period (in minutes) after maximum failed consecutive logins reached’. If a ‘Maximum consecutive failed login before locking user account’ value is set then admin can define here the time period used to lock the user out, after they failed to login after maximum number of times, before allowing them to try again
‘Login Strategy’ sets which strategy will be used to log users in. This applies to the whole account.
‘Maximum consecutive failed logins before locking user account’ admin can set how many consecutive failed logins a user can perform before being locked out of the system. If a Lockout period is set then the system will unlock the user’s account after this time has passed or admin can unlock the user.
‘Minimum Password Length’ is used to configure the minimum number of characters in a user’s password.
‘Password Expires after (days)’ is used to force users to change their passwords after a given number of days. Use 0 if the password should never expire.
‘Password should include a non alphanumeric character’ forces the user’s password to contain at least one special character (@&<= etc).
‘Password should include a number’ forces a user’s password to contain at least one number.
‘Password should include an uppercase letter’ forces a user to have at least one uppercase letter in their password.
If the system has a locked out user, admin with permission above will be able to unlock the user by navigating to Administration -> Users -> Search Users and using the ‘Filter Locked/Not locked ‘ set to ‘Locked’.
To unlock a user click on ‘Locked Out (Click to Unlock)’ in the ‘Current Activity’ column. The system will ask if admin are sure they want to unlock the user, click ‘OK’ and a green banner will appear confirming the user is now unlocked.
Two factor authentication allows an additional level of security to guard against password theft. When logging into iPassport, in addition to entering a username and password, users will be sent a code via email. Copy and paste this code into the field in order to access the system.
When using two factor authentication admin can choose to use code validation each time a user logs in or use the additional code validation to check after a set number of days. For example, admin could ask their users to verify their identity using the email code once a week. The rest of the time they would login normally.
To enable this feature, navigate to Administration -> Settings -> System Settings -> User Logon Settings -> ‘Login Strategy’ dropdown field and select ‘2-Factor Authentication Login’.
Navigate to Administration -> Settings -> System Settings -> Two Factor Settings.
‘Max Attempts’ decides how many times user can incorrectly enter verification code before their account is locked.
‘Remember Second Factor For (days)’ specifies the number of days before the user is asked to provide second factor code again. The user will not have to enter second factor code between logins for this number of days. Only their login and password will be required.
Navigate to Administration -> Settings -> System Settings -> LDAP Configuration
If LDAP is already in use for other services it’s very easy to configure iPassport to also authenticate users.
Navigate to Administration -> Settings -> System Settings -> SAML Configuration