Docs

Security Settings

Suggest Edits

You can access the Security window on the dashboard. Along with some standard security-related preferences, here you will find a full list of users with login access to your onCourse application and data, along with the different user roles you have defined within onCourse.

If you know the name of the record you’re looking for, type it into the Filter Items search at the top of the left-hand column. Otherwise just scroll the list until you find what you’re after.

Figure 31. The Security window

Figure 31. The Security window

The first section is called 'Settings', containing onCourse’s main security related preferences, including rules around enforcing two-factor authentication. You have the following preferences to switch on or off:

Automatically disable inactive user accounts

This will disable accounts that haven’t logged in after a set number of days. This could be useful for disabling the accounts of past employees if you don’t have the time to manage it yourself.

Require better passwords

When enabled, this feature demands the use of a more secure password. When enabled, it will typically reject any common passwords and enforce a higher standard of password to be used by all users.

Require password change every days

When enabled, this feature will demand users change their password every set number of days. You can change the number of days manually by clicking the number in the field.

Require two-factor authentication every hours

When enabled, this will require all users to get a new authorisation via a third-party authorisation app after the set number of hours. You can change the number of hours manually by editing the number in the field. This only applies when the same user is using the computer. If another user signs in to their account on your computer, you will be required to enter your 2FA authorisation regardless of this setting.

Disable account after login attempts

When enabled, any user account that fails to login with the correct password this number of times will have their account disabled. An admin user of your system will need to go in to their user record and re-enable them manually. The default setting is 5 attempts.

Updated 6 months ago