You can customize the security settings for your Account. While each security feature has a default setting, the account owner can adjust these settings to meet the specific needs of the account.
Prerequisite
You must have the Account Owner role.
To change the account security settings:
- Click the Account Managment in the navigation bar.
- In the right pane, click the Security Settings tab.
- Select 'Default' or Specify a value.
- Click 'Save' to keep and activate the changes.
Two-Factor-Authentication (2FA)
Enhances security by requiring users to provide a second form of verification in addition to their password.
Current default: Disabled.
Ayyeka Recommendation: Activate the option for higher security authentication.
Note: Changes will take effect the next time users log-in.
Actions:
-
Select the "Require two factor authentication" option to enable all account users to use two factors for their log-in authentication.
- If the "Disable" option is selected at the account level, users can still activate it for individual users within the User Settings.
Password Expiration Absolute Period
Sets a maximum duration after which a password must be changed, regardless of usage.
Current default: 4 months
Current Min-Max values: 10 days to 2 years
Ayyeka Recommendation: Force the account users a password reset every 30-120 days.
Note: Changes will take effect the next time the users reset their password.
Actions:
-
Select the "Specify a Value" radio button to set your own account settings.
- Set shorter duration to increase your account security.
Password Expiration Inactivity Period
Specifies the time a password can remain unused before the user is prompted to change it.
Current default: 4 months
Current Min-Max values: 10 days to 2 years
Ayyeka Recommendation: Force the account users a password reset every 30-90 days if no login.
Note: Changes will take effect the next time the users reset their password.
Actions:
-
Select the "Specify a Value" radio button to set your own account settings.
- Set shorter duration to increase your account security.
Session Expiration Absolute Timeout
Limits the total time a session can remain active before requiring the user to re-authenticate, regardless of activity.
Current default: 1 week
Current Min-Max values: 1 hour to 3 months
Ayyeka Recommendation: Set the account users a session absolute timeout of 1-24 hours.
Note: Changes will take effect the next time users log-in.
Actions:
-
Select the "Specify a Value" radio button to set your own account settings.
- Set shorter duration to increase your account security.
Session Expiration Inactivity Timeout
Ends a session after a period of inactivity, requiring the user to log in again to continue.
Current default: Disabled
Current Min-Max values: 3 minutes to 1 month
Ayyeka Recommendation: Set the account users a session inactivity timeout of 5-30 minutes.
Note: Changes will take effect the next time users log-in.
Actions:
-
Select the "Specify a Value" radio button to set your own account settings.
- Set shorter duration to increase your account security.
Notes:
- Future Adjustments: The default settings, as well as the minimum and maximum values, may be updated in the future to comply with evolving security standards.
- Sub-Account Inheritance: If a sub-account is configured to use default settings, it will automatically inherit the default values from the parent account.