Security (Settings)

Location: Settings > User Settings > Security

Overview

The Security settings allow CommTrak Administrators to configure password policies, two-factor authentication, session management, and login restrictions for all users across the organisation. Changes are applied by clicking Save. To restore all fields to their default values, click Reset Preferences.

Settings Reference

Minimum Password Length

Sets the minimum number of characters required for all user passwords.

Options: 6, 8, 10, 12, 14, 16

Users will be prevented from setting a password shorter than the selected value. If this setting is increased, existing users will be prompted to update their password at next login.

Minimum Password Complexity

Sets the character requirements that all user passwords must satisfy.

Options:

  • No complexity requirements — Any combination of characters is accepted.
  • Mixed case — Password must contain both uppercase and lowercase letters.
  • Mixed case and number(s) — Password must contain uppercase letters, lowercase letters, and at least one number.
  • Mixed case, number(s) and special character(s) — Password must contain uppercase letters, lowercase letters, at least one number, and at least one special character (e.g. !, @, #).

If complexity requirements are increased, existing users will be prompted to update their password at next login.

Force Password Change

Sets the interval at which all users are required to change their password.

Options: Never, 1 month, 2 months, 3 months, 6 months

When set to any interval other than Never, users will be prompted to set a new password once the specified period has elapsed since their last password change.

2-Factor Authentication (2FA)

Sets whether and how two-factor authentication is applied at login. A user is considered out of office when they are not connecting from an IP address listed in the Office IP Addresses field.

Options:

Office IP Addresses

A comma-separated list of IP addresses that define office network locations. This field is relevant to any settings that distinguish between office and out-of-office access.

Format: Enter one or more IPv4 addresses separated by commas, e.g. 192.168.1.1,203.0.113.45   .

This field interacts with user-level login restrictions. Where a user's account has Restrict Login set to Office only, that user will only be able to log in from an IP address listed here. Users with Unrestricted access may log in from any IP address regardless of this list.

Refer to Support Centre article, Users (Settings) for further information about the Restrict Login field.

Lock Accounts

Automatically locks user accounts following a specified number of unsuccessful login attempts within a defined time window. Locked accounts are automatically unlocked after the lockout duration has elapsed.

Configuration:

Lock accounts for [duration] minute(s) after [attempts] unsuccessful login attempts within [window] minute(s).

Example: With the values 15 / 3 / 1, an account will be locked for 15 minutes if 3 unsuccessful login attempts are made within any 1-minute period.

This setting applies to all user accounts. When a user is locked out, there are two ways to regain access:

  1. Wait for the lockout period to expire.
  2. A CommTrak Administrator can set a temporary password for the user. The user will be prompted to change their password upon logging in with the temporary password.

Using the Forgot your password? option does not cancel the lockout duration and will not restore access until the lockout period has elapsed. Users who are locked out should refer to the support article: Unable to Sign In to CommTrak.

Session Inactivity Timeout

Sets the period of inactivity after which a user's session is automatically ended, requiring them to log in again.

Options: Never, 15 minutes, 30 minutes, 1 hour, 2 hours, 4 hours, 8 hours, 1 day, 3 days, 7 days

When set to Never, sessions will not be ended due to inactivity.

Maximum Session Lifetime

Sets the maximum duration a session can remain active regardless of activity, after which the user must log in again.

Options: Browser Session, 1 week, 2 weeks, 3 weeks, 4 weeks

When set to Browser Session, the session ends when the user closes their browser.

Saving Changes

After adjusting any settings, click Save to apply them. To discard all current changes and restore every field to its default value, click Reset Preferences.