Access

Access to the application is granted by your organization's application administrator. You will need the URL defined by your organization, a valid username, and a password to log in to this application.

Security settings assigned to each user apply upon login. Areas and some functions within this application are permission based. This means that if you do not see an area or an object, or a function is grayed out, then access to that area or object has been prohibited.

Important: This documentation refers to transactions by their default names. Your administrator can change these names to conform with your business practices. [1]

User Authentication

Modern technologies necessitate higher security standards. In the past, web sites often used simple password requirements, which allowed users to create simpler, less secure passwords.

To meet modern security standards, this system will require stricter Login Policies as of application versions 7.4.4.2+ and 7.5.2+. Password hardening enhancements and password complexity requirements will roll out in several phases, in addition to multi-factor authentication (MFA) [2] setup methods.

Password validation checks will be noticeable upon upgrade. This means some password requirements will be in effect upon upgrade, and others will only take effect when an end user changes their password by choice, when the existing Login Policy enforces the change, or when an existing Login Policy is altered in Setup.

The table below displays password enhancements, new defaults, and new or stricter password hardening requirements: [3]

Login Policy Setting: Description

Default Password: Users who log in to this application using the default password will be forced to change their password and adhere to new validation checks, which prevent users from using a password shorter than eight characters and forbid the use of the Login ID in the password field. Applicable to version 7.4.4.2+, 7.5.2+, 7.5.3+.

  Due to stricter password requirements, the minimum password length is fifteen as of version 7.5.4. The maximum value for this field increased from 40 to 64 characters.

Login Disabled When User is Inactive After: This field can no longer be blank and will now default to 31 days if the field was blank in the Login Policy prior to an upgrade. Field requirement is 1 - 999.

  Due to enhanced password requirements, the maximum number of days is 60 as of version 7.5.4. Values less than 60 days, or greater than one day, will be retained in the application upon upgrade. System administrators may need to reset a user's password to the default password in order for the user to log back in and change their password.

Time Allowed for Users to Reset Password: This field can no longer be blank, and will now default to six hours if the field was blank in the Login Policy prior to an upgrade.

Force Password Change if Default: This check box has been removed from the Login Policy area.

Failed Password Third Attempt Lockout: This field in a Login Policy can no longer be configured to ignore failed login attempts, and is now a required field with a minimum lockout period preset to thirty minutes. An existing Login Policy that contains a value less than 30 minutes will be immediately impacted by this change. A preconfigured value of 30 minutes or greater will not be affected by this change.

  Applicable to Web and IVR as of application version 7.5.4.

Force Password Change Every _days: If users are required to change their passwords periodically, type that value in this field. Restrictions: Minimum (1), Maximum (999). *As of application version 7.5.4+, this field is required and defaults to a maximum period of 90 days when Multi-Factor Authentication is disabled. When Multi-Factor Authentication is enabled, this field defaults to a maximum period of 180 days. Existing values below 90 days will be retained upon upgrade.

Password Complexity: Expanded Login Policy to include additional password complexity fields:
  • Minimum Lowercase Characters
  • Minimum Uppercase Characters
  • Minimum Digits Allowed
  • Minimum Special Characters

  Three out of these four password complexity features must be included in your password as of application version 7.5.4.

Prohibit passwords from the forbidden passwords list: This check box is required, enforced, and defaults to true as of application 7.5.4.

Prohibit Reuse of the last*: Ensures the last X number of passwords cannot be reused. The default is 24. Applicable to Web and IVR passwords. Restrictions: Minimum (24), Maximum (1000). Field added in application version 7.5.4.

New Users Must Log In Within*: Ensures a new user must log in to this application within the number of days set. Available as of version 7.5.4. This field is required and defaults to a minimum value of 30 days. Applicable to Web and IVR and new customers on day one. Existing customers will see the new policy take effect the next time their password needs to be changed.

[1] For reference, terminology configuration is accessible by authorized users in Setup > General > Terminology.
[2] Multi-factor authentication is available as of application version 7.5.4.
[3] For additional field definitions, see the topic Login Policy Field Descriptions in the Help or Setup Guide.
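
The password rules listed in the table for version 7.5.4 (length 15 to 64, no Login ID, three of four complexity classes, forbidden list, no reuse of the last 24) can be combined into a single check. The following is an added example, not code from this application; the function names, the sample forbidden list, the case-insensitive Login ID match, the use of ASCII punctuation as "special characters", and the PBKDF2-based password history are all assumptions.

```python
import hashlib
import hmac
import string

MIN_LEN, MAX_LEN = 15, 64        # length bounds the page gives for 7.5.4
REQUIRED_CLASSES = 3             # three of the four complexity classes
REUSE_DEPTH = 24                 # default for "Prohibit Reuse of the last"

# Constructed sample; the product's real forbidden passwords list is not shown.
FORBIDDEN = {"password123456789", "qwertyuiop12345!"}


def history_digest(password: str, salt: bytes) -> bytes:
    # Assumption: history is kept as salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def character_classes(password: str) -> int:
    """Count how many of the four complexity classes appear at least once."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)  # assumption: ASCII specials
    return sum(any(t(c) for c in password) for t in tests)


def check_password(password, login_id, history=()):
    """Return a list of policy violations; an empty list means accepted.

    history is a list or tuple of (salt, digest) pairs, oldest first.
    """
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too_short")
    if len(password) > MAX_LEN:
        problems.append("too_long")
    # Assumption: the Login ID check ignores case.
    if login_id and login_id.lower() in password.lower():
        problems.append("contains_login_id")
    if character_classes(password) < REQUIRED_CLASSES:
        problems.append("too_few_character_classes")
    if password.lower() in FORBIDDEN:
        problems.append("forbidden_password")
    # Only the most recent REUSE_DEPTH entries block reuse.
    for salt, old in history[-REUSE_DEPTH:]:
        if hmac.compare_digest(history_digest(password, salt), old):
            problems.append("reused_password")
            break
    return problems
```

A long passphrase made only of lowercase words and spaces fails this check on complexity, which is the practical effect of the three-of-four rule that users are most likely to run into.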