/
Manage Security Settings

Manage Security Settings

Owned by Jamie Dottavio (Unlicensed)
Mar 28, 2023
4 min read

The ‘Manage Security Settings’ page is where an Administrator or user with Edit Settings access permissions can set up certain security features for their company.

The ‘Manage Security Settings’ page is shown below:

Password Policy

Administrators and authorized users can change the password complexity rules (e.g. length, must contain numbers, letters symbol), turn password aging on/off, and set the time interval for requiring a user to change their password after a certain period. 

The Password-Aging feature allows the Administrator to require users to change their password after a defined number of days. User passwords will never expire if this value is set to 0.

When changes are made to the password complexity rules, the requirements are not enforced until the user is directed to change their password.

For example, if the password length has changed from 8 to 12, this rule will not be enforced until the user next changes their password. Although their current password is only 8 characters in length, it will remain valid. An Administrator can force all users to use the new password rules by checking the option ‘Force all users to change password at next sign in’.

IP Address Management

Administrators and authorized users can identify the IP addresses allowed to access the CMS. IP addresses can be managed by clicking on the appropriate button, 'Add IP Address' or 'Edit/Show IP Address'. These buttons are accessible when the 'Restrict Access to CMS Via IP Address' feature is enabled (checked) on the Settings page. The 'Edit/Show IP Address' button is enabled when an IP address is added. Enabling the 'Check Previous IP At Sign in' will email the user if their current IP address differs from the previous IP address used to sign on successfully.

Email Link Management

Administrators and authorized users can set specific expiration periods for certain email links sent to a user via the CMS. 

New User Password Link Expiration (hrs):

This value represents the number of hours before the link sent in the 'Welcome' email message expires.

Forgot Password Link Expiration (hrs):

This value represents the number of hours before the link sent in the ‘Forgot Password’ email message expires.​

Two-factor PIN Link Expiration (hrs):

This value represents the number of hours before the link sent in the 'Two-factor PIN' email message expires.

Session Management

Administrators and authorized users can set a specific timeout warning and timeout session limit for their company's access to the CMS. 

Session Timeout

This value represents the number of minutes of idle time before a user's CMS session times out. The user will receive a message that the session has timed out, the user will be automatically signed out of the CMS, and their unsaved input will be lost. Idle time is the period between consecutive interactions with the CMS server (e.g., a page refresh, moving to another CMS page). Typing in the CMS without changing pages is not considered an interaction.

Session Timeout Warning

​This value represents the number of minutes before a session times out that a user will receive a warning message. The user can click 'Ok' on the warning message to continue their session (reset idle time to 0). 

For example, if this value is set to 5 minutes, a warning message will present to an idle user 5 minutes before their session times out.

Web API Access

Administrators and authorized users can enable Web API access to the CMS and create Web API credentials. This feature is available to clients at the Connects Standard Enterprise service level.

Enable

This option allows the Administrator to enable Web API access to their CMS. 

When Web API Access is enabled, the CMS will allow remote transactions to query and add incident reports, given proper credentials. 

When this option is not enabled, all Web API requests will be rejected. 

There is a limit of 100 Web API transactions per day. To learn more about Web API Access into the CMS, please see the Syntrio document entitled "CMS Web API Specifications”.

Web API Key

This value is used along with the Web API password to act as credentials required for Web API Access into the CMS. This value is generated internally by the CMS. A new value can be generated by clicking the 'Generate Web API Key' button.

​Web API Password

This value is used along with the Web API Key to act as credentials required for Web API Access into the CMS. The Administrator creates the Web API password. To change the Web API password, click on the 'Reset Password', enter a new password, and click the 'Save' button.

Related content

User Administrative Functions
User Administrative Functions
Connects Standard Help & Support
More like this
Settings Tab
Settings Tab
Connects Standard Help & Support
More like this
IP Address Access Permissions
IP Address Access Permissions
Product Development
More like this
Restrict Access to CMS Via IP Address
Restrict Access to CMS Via IP Address
Connects Standard Help & Support
More like this
Getting Started
Getting Started
Connects Standard Help & Support
More like this
Company Settings Defaults
Company Settings Defaults
Connects Standard Help & Support
More like this