Skip to main content

Site Options: Security - General and 2 Factor

Updated

General Security options include:

  • Password expiration and options to set the time to expire

  • Whitelisted IP's - to restrict access to specified IP addresses

2 Factor Security options include:

  • Enabling 2 factor security by user type

  • Whitelisted IP addresses - not requiring 2 factor authentication by IP addresses

  • 2 factor expiration and options to set time for 2 factor to expire

General Security setup:

  1. Admin > Settings & Utilities> Site Options

  2. Click the Security Tab:

Password Expires after:

  • Never – password never expires

  • 30 days- Password will expire after 30 days

  • 60 days – Password will expire after 60 days

  • 90 days – Password will expire after 90 days

Client White List IP’s:

  1. If anything exists in the list, then users can only login from the IP ranges specified.

  2. If nothing exists in the list, then users can login from any public address.

  3. Portal users are not affected by this list. Portal users can always use public addresses.

  4. When adding new addresses into the white list fields the following apply:

  • The first 4 boxes are all editable

  • The second 4 boxes are defaulted to the first 4 boxes

  • User can only maintain the last of the second 4 boxes

  • Number range for each box is 0 through 255

  • The last of the second 4 boxes must be greater or equal to the last of the first 4 boxes

  • User fills in the boxes and clicks “add” button to add to the list

2 Factor Security:

Enable 2 Factor Authentication for:

  • None (To Disable 2 factor)

  • Credit/Inquiry Users

  • Portal Users (These are portal users added in user maintenance, does not affect the customer portal link)

  • All users

2 factor expires after:

  • Never - (10-year cookie is set by browser, 2 Factor is not requested unless cookies are cleared.)

  • Always (cookie is not set, requiring 2 Factor every login)

  • 30 Days (2 Factor is not requested until cookie expires in 30 days or browser clears cookies)

  • 60 Days (2 Factor is not requested until cookie expires in 60 days or browser clears cookies)

  • 90 Day (2 Factor is not requested until cookie expires in 90 days or browser clears cookies.)

2 factor white list:

  • Users logging in from the IP ranges specified will not be asked for 2 Factor Verification.

  • When adding new addresses: 

  • The first 4 boxes are all editable.

  • The second 4 boxes are defaulted to the first 4 boxes

  • User can only maintain the last of the second 4 boxes

  • Number range for each box is 0 through 255

  • The last of the second 4 boxes must be greater or equal to the last of the first 4 boxes.

  • User fills in the boxes and clicks “add” button to add to the list.

Please Note:

In user Maintenance (Admin>Master File>User) or Users' My Profile (User Settings), if a user has a cell phone on file, they are given the option to receive 2 Factor via email or text message. If a user does not have a cell phone on file, an email will be sent.

In User Maintenance the “Require Password Change on Next Login” option is checked, the next time they login the user will be prompted for a new password.

In User Maintenance and creating a new user - They will be prompted to enter their security question, a new password, and if 2 factor verification is a valid code must be entered.

Related articles