Security Policy

Navigate: Closed Configuration > Security and User Maintenance > Security Policy

Description

Use the Security Policy task to configure the application based on your jurisdiction's security policy.

CAUTION: The Aumentum Implementation team sets the security policy default settings for your jurisdiction. Contact them before making any changes to settings.

Windows Integrated Security for Aumentum allows single sign-on. When a user signs in to Windows, the login ID information is passed to Aumentum so that automatic login (single sign-on) occurs in Aumentum as well as in Windows.

Steps

Authentication Policy

  • Allow Windows Authentication – Allow the use of Windows authentication. Windows or domain user accounts may be added as application users. Windows users may automatically authenticate through the application portal when Windows security is enabled in IIS. Anonymous users may enter Windows credentials in the login form. Secure Sockets Layer (SSL) is recommended for use with Windows authentication through the login form.
  • Use Identity Cache – Use identities from credentials cached in a trusted subsystem to access network resources. When turned off, the system defaults to impersonation and assumes the network resource is granted anonymous access or resides on the same server, or the identity of the application or IIS user is trusted for constrained delegation in Active Directory with Kerberos.
  • Use Active Directory – Windows users are on a domain and use Active Directory to authenticate Windows user credentials and resolve domain names. With this setting turned off, it is assumed that the server and/or Windows user is not part of a domain, but is granted rights to the application server.
  • Login attempts before lockout – Number of user login attempts before the user account is locked out. Enter 0 for no limit. No value entered defaults to 5.

Password Policy

  • Minimum Password Length – No value entered defaults to 1.
  • Require At Least One Uppercase
  • Require At Least One Lowercase
  • Require At Least One Numeric
  • Require At Least One Special Character
  • Cannot Use Display Name Or Login – Accounts are not allowed to use the display name or login as part of the password.
  • Restricted Patterns – Enter a list of restricted patterns or words, separated by spaces. To prevent users from entering spaces, use "\s".
  • Minimum Password Age – Determines the number of days before a previous password can be reused. No value entered or 0 means no previous passwords can be reused.
  • Enforcing Password History – The number of passwords remembered by the system. No value entered or 0 means no previous passwords will be remembered.
  • Password Expiration Days – Number of days before passwords will expire. To expire all passwords now, set value to 0. To never expire passwords, leave it blank.
  • Password Expiry Reminder (in Days) – Enter the number of days for warning users that their passwords are about to expire. No value or 0 means no password expiry reminder is given.
  • Password Expiry Email Reminder – Supports Password Expiry Reminder by sending an e-mail to users when their passwords are about to expire.
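The following is an added example, not Aumentum's own code, showing how the Password Policy settings listed above combine into a single check. The PasswordPolicy class, the rule messages and the history_digest helper are assumptions made for the illustration; in particular it assumes that each space-separated token in Restricted Patterns is a case-insensitive regular expression (which is why "\s" stands for a space), and it uses a bare SHA-256 only as a stand-in for however the product stores earlier passwords. It reproduces the blank-value defaults from the list: a blank minimum length means 1, and a blank or 0 history means nothing is remembered.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass
class PasswordPolicy:
    """Hypothetical model of the Password Policy settings (not the product's API)."""
    minimum_length: Optional[int] = None      # blank defaults to 1
    require_uppercase: bool = False
    require_lowercase: bool = False
    require_numeric: bool = False
    require_special: bool = False
    cannot_use_name_or_login: bool = False
    restricted_patterns: str = ""             # space-separated; "\s" matches a space
    password_history: Optional[int] = None    # blank or 0: no passwords remembered

    def effective_minimum_length(self) -> int:
        return self.minimum_length if self.minimum_length else 1

    def effective_history(self) -> int:
        return self.password_history or 0

    def compiled_restrictions(self) -> list:
        # Assumption: each token is a case-insensitive regular expression; a token
        # that is not a valid expression falls back to a literal word match.
        compiled = []
        for token in self.restricted_patterns.split():
            try:
                compiled.append(re.compile(token, re.IGNORECASE))
            except re.error:
                compiled.append(re.compile(re.escape(token), re.IGNORECASE))
        return compiled


def history_digest(password: str) -> str:
    # Stand-in for the stored form of earlier passwords; a real credential
    # store keeps a salted, slow hash rather than a bare SHA-256.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def validate_password(policy: PasswordPolicy, password: str, login: str = "",
                      display_name: str = "",
                      previous_digests: Sequence[str] = ()) -> List[str]:
    """Return the list of violated rules; an empty list means the password is accepted."""
    problems = []
    minimum = policy.effective_minimum_length()
    if len(password) < minimum:
        problems.append(f"shorter than the minimum length of {minimum}")
    if policy.require_uppercase and not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if policy.require_lowercase and not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if policy.require_numeric and not any(c.isdigit() for c in password):
        problems.append("no digit")
    if policy.require_special and not any(not c.isalnum() for c in password):
        problems.append("no special character")
    if policy.cannot_use_name_or_login:
        lowered = password.lower()
        for label, value in (("login", login), ("display name", display_name)):
            if value and value.lower() in lowered:
                problems.append(f"contains the {label}")
    for pattern in policy.compiled_restrictions():
        if pattern.search(password):
            problems.append(f"matches restricted pattern {pattern.pattern!r}")
    # Only the most recent N digests count. N == 0 must yield an empty window:
    # a plain previous_digests[-0:] would wrongly keep the whole list.
    history = policy.effective_history()
    remembered = list(previous_digests)[-history:] if history else []
    if remembered and history_digest(password) in remembered:
        problems.append("reuses a remembered previous password")
    return problems
```

Calling validate_password with a fully configured policy returns every violated rule at once, which is what an operator wants to show a user; an all-default PasswordPolicy() accepts any non-empty password, matching the documented defaults.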

Active Directory Policy

  • Protocol – Active Directory query protocol. Defaults to LDAP if protocol is not supported.
  • Identity – Name of cached identity to use for authenticating against Active Directory. A blank value defaults to impersonation using the current Windows identity.

Login Formats Supported

The Aumentum Platform supports only those current users stored in the application.

Format: [username]
Examples: Admin, jsmith
Description: The user name requires an Aumentum password and authenticates against the local (Aumentum) credential store (User Profile).

Format: [winnt domain or workgroup-computer]\[username]
Examples: KZO\username, MIPORNOAH01\username
Description: Aumentum first attempts to authenticate securely (using the Windows user name and password) against a domain (if Active Directory support is enabled and running), or logs on to the server using the computer or workgroup name. If Windows/domain authentication is successful, the user is then authenticated against the Aumentum user profile.

Format: [username]@[full domain name]
Example: username@Aumentum.com
Description: Aumentum first attempts to authenticate securely against a domain (if Active Directory support is enabled and running), or logs on to the server using the computer or workgroup name. If Windows/domain authentication is successful, the user is then authenticated against the Aumentum user profile.
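As an added illustration (not Aumentum code), the parser below classifies a login string into the three supported formats and lists the authentication sequence the table describes for each, depending on whether the Use Active Directory setting is on. It also models the "Login attempts before lockout" rule from the Authentication Policy, where a blank value and a value of 0 mean different things. The LoginFormat class, the step wording and the function names are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Union


@dataclass
class LoginFormat:
    kind: str           # "local", "winnt" or "upn" (hypothetical labels)
    username: str
    realm: str          # domain, workgroup/computer name, or "" for a local login
    steps: List[str]    # authentication steps in the order the table describes


def parse_login(login: str, active_directory_enabled: bool) -> LoginFormat:
    """Classify a login string into one of the three supported formats."""
    login = login.strip()
    if "\\" in login:
        # [winnt domain or workgroup-computer]\[username], e.g. KZO\username
        realm, _, username = login.partition("\\")
        kind = "winnt"
    elif "@" in login:
        # [username]@[full domain name], e.g. username@Aumentum.com
        username, _, realm = login.rpartition("@")
        kind = "upn"
    else:
        # plain [username], e.g. Admin or jsmith
        username, realm, kind = login, "", "local"
    if not username or (kind != "local" and not realm):
        raise ValueError(f"malformed login: {login!r}")

    if kind == "local":
        steps = ["Aumentum password checked against the local credential store (User Profile)"]
    else:
        first = ("Windows credentials authenticated against the domain"
                 if active_directory_enabled
                 else "Windows logon to the server using the computer or workgroup name")
        steps = [first, "on success, user matched against the Aumentum user profile"]
    return LoginFormat(kind, username, realm, steps)


def effective_lockout_threshold(setting: Union[int, str, None]) -> Optional[int]:
    """Blank defaults to 5 attempts; 0 means no limit (returned as None)."""
    if setting is None or setting == "":
        return 5
    value = int(setting)
    return None if value == 0 else value


def is_locked_out(failed_attempts: int, setting: Union[int, str, None]) -> bool:
    """True once the failed-attempt count reaches the effective threshold."""
    threshold = effective_lockout_threshold(setting)
    return threshold is not None and failed_attempts >= threshold
```

The backslash check runs before the "@" check so that a DOMAIN\user login is never mistaken for a UPN, and a realm-qualified login with an empty realm or user is rejected rather than silently treated as a local account.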