Manage security settings
Portal admins set up and manage the settings for password policies and Multi-Factor Authentication (MFA). MFA is an extra layer of security for Prophix accounts: it goes beyond a simple ID and password challenge, requiring the user to provide additional credentials. These settings reflect your organization's password security policies.
Note: The security settings described below are restricted to Prophix Authentication; they do not apply to SSO authorization.
Set password policy
You specify all the password policy settings for Portal in Security Settings.
Note: The procedure below sets password policy for Prophix Authentication only.
Note: When you change any policy setting, the new policy goes into effect the next time that users attempt to sign in.
Tip: If you want to apply policy changes without waiting until users sign in again, you can require a password reset.
- In the left-hand panel, click Account Management > Security Settings.
- Specify the following as needed:
  - Minimum password length: From eight up to 256 characters.
  - The following options are turned on by default and cannot be disabled:
    - Password contains at least one uppercase letter
    - Password contains at least one lowercase letter
    - Password contains at least one number
  - Password contains at least one special character: Turn on to require users to include one or more non-alphanumeric characters in their passwords.
  - Enable password expiration: Turn on to require users to periodically change their passwords.
    - Days before expiration: The number of days before a prompt appears requiring a password change. (Up to 120.)
  - Prevent password re-use: Turn on to require users to periodically change their passwords.
    - Number of passwords to remember: How many previous passwords to store in order to prevent frequent re-use. (Up to 10.)
  - Lock users after failed attempts
    - Sign-in attempts before lockout: The number of wrong tries the user is allowed before being locked out. (Default is five.)
    - Lockout time default (in minutes): How long to keep the account locked. (From 15 to 60 minutes.)
      Tip: You can unlock the account immediately from User Management.
- Click Apply.
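The policy rules from this procedure, modelled as an added Python example (not Prophix code), so that planned settings can be checked against the documented limits and a candidate password can be tested offline. The `Policy` class, the function names, and the salted PBKDF2 password history are assumptions made for illustration; this page does not describe how Prophix stores previous passwords.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical model of the settings listed above
    min_length: int = 8
    require_special: bool = False
    expiration_days: int = 0  # 0 = password expiration turned off
    remember: int = 0         # 0 = re-use prevention turned off

    def range_errors(self):
        """Return the settings that fall outside the limits stated on this page."""
        errs = []
        if not 8 <= self.min_length <= 256:
            errs.append("min_length must be 8-256")
        if not 0 <= self.expiration_days <= 120:
            errs.append("expiration_days must be at most 120")
        if not 0 <= self.remember <= 10:
            errs.append("remember must be at most 10")
        return errs

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so the history never holds plaintext (assumed design)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def violations(password, policy, history=()):
    """List every rule the candidate breaks; an empty list means it is accepted."""
    out = []
    if len(password) < policy.min_length:
        out.append("length")
    if not any(c.isupper() for c in password):
        out.append("uppercase")
    if not any(c.islower() for c in password):
        out.append("lowercase")
    if not any(c.isdigit() for c in password):
        out.append("number")
    if policy.require_special and all(c.isalnum() for c in password):
        out.append("special")
    # Only the most recent `remember` entries count (history is oldest first).
    recent = list(history)[-policy.remember:] if policy.remember else []
    for salt, digest in recent:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            out.append("re-use")
            break
    return out
```

With "Number of passwords to remember" set to 2, a password that is three changes old is accepted again, which is why the history depth matters as much as the toggle itself.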
MFA is mandatory
MFA and Prophix Authentication
All Prophix One users who are assigned Prophix Authentication are required to use MFA:
- At first-time sign-in, the user is prompted to set up an MFA account.
- At every subsequent sign-in, the user is prompted to provide a one-time password.
Note: Upon MFA setup, Prophix provides links to download Google Authenticator; however, you can choose to use other authentication apps that support QR Code scanning (for example, Microsoft Authenticator).
MFA and Portal admins
Portal administrators have the choice of using Prophix Authentication (with MFA, as described in the preceding section) and/or their own SSO provider.
Tip: If you assign a Portal admin both Prophix Authentication and a custom SSO method, the admin can still sign in to the Prophix One Platform if the SSO provider suffers a service interruption.
MFA and other SSO solutions
If you choose not to use Prophix Authentication and instead use your own SSO provider, you must use that provider's MFA service.