Field Name | Login Policy Field Description |
---|---|
Name | The label for the selected Login Policy. |
Login Source | Defines one or more ways in which users with this Login Policy can log in to the application. Options are: |
Field Name | Login Policy Field Description |
---|---|
Prohibit Reuse of the last* | Ensures the last X number of passwords cannot be reused. The default is 24. Applicable to Web and IVR passwords. Restrictions: Minimum (24) Maximum (1000) Field added in application version 7.5.4. Tracking the last X passwords will only take effect within the |
Password Must Be Unique within _ days | When the user changes their password, the application ensures that the password is unique within this time frame. RESTRICTIONS - Minimum (null, 1) Maximum (999). Applicable to Web and IVR as of version 7.5.4. Note: This field is typically used in conjunction with Force Change Every __ Days. For example, if the Login Policy forces a new password every 90 days, it can verify that an old password is not re-used within a year's time (the password is unique within 365 days). |
Force Password Change Every _ days | Requires users to change their password periodically. Type the number of days a user can keep the same password. RESTRICTIONS - Minimum (1) Maximum (999). *As of application version 7.5.4+ this field is required and defaults to a maximum period of 90 days when Multi-Factor Authentication is disabled. When Multi-Factor Authentication is enabled, this field defaults to a maximum period of 180 days. Existing values below 90 days will be retained upon upgrade. Users can only change their password once per day. |
New Users Must Log In Within* | Ensures a new user must log in to this application within the number of days set. Available as of version 7.5.4. This field is required and defaults to a minimum value of 30 days. Applicable to Web and IVR login, and to new customers on day one. Existing customers will see the new policy take effect the next time their password needs to be changed. |
*Force password change If default | Forces users to change their password upon login when their password matches the default password. Field removed in application version 7.4.4.2+ and 7.5.2+. Required by default. |
*Login Disabled When User Is Inactive After | Disables login credentials for a user who has not logged in to the system after the number of consecutive days indicated in this field have elapsed. Must use a positive whole number greater than zero. Force password change if default must be checked to enable this setting prior to application versions 7.4.4.2 and 7.5.2. RESTRICTIONS - Minimum (1,*31,**60) Maximum (999,**60). *This field is required and defaults to 31 days if no value is provided as of application version 7.4.4.2+ and 7.5.2+. **This field is required and defaults to the maximum 60 days allowed as of version 7.5.4. Applicable to Web and IVR login. Values less than 60 days, or greater than one day will be retained in the application upon upgrade to 7.5.4. Note: Employees on extended leave, for example, may require a system administrator to reset their password to the default password in order for them to log back in and change their password. |
*Time Allowed for User to Reset Password | Grants the user this much time to log in using the default password; upon login, the user is forced to reset their password. Failure to log in within the time allowed will require the default password to be reset by authorized personnel to restart the time allowed. This field is required and defaults to six hours if no value is provided as of application version 7.4.4.2+ and 7.5.2+. Force password change if default must be checked to enable this setting prior to application versions 7.4.4.2 and 7.5.2. RESTRICTIONS - Minimum (1) Maximum (999) |
*Failed Password Third Attempt Lockout _ minutes | Denies the user access to the application for X number of minutes if the password fails to authenticate after three attempts. If this field is blank, then the user is never locked out due to repeated password failure attempts. RESTRICTIONS - Minimum (null, 1, 30) Maximum (999). Note: As of application version 7.4.4.2+ and 7.5.2+ this field can no longer be configured to ignore failed attempts. This field is preset to three attempts. Thirty minutes is the minimum lock out period. An existing Login Policy that contains a value less than 30 minutes will be immediately impacted by this change. A preconfigured value of 30 minutes or greater will not be affected by this change. Applicable to Web and IVR as of version 7.5.4. |
Unique Identifier | System internal ID. |
Multi-factor authentication (MFA) settings are available as of application version 7.5.4.
Field Name | Login Policy Field Description |
---|---|
Multi-Factor Authentication Method | Displays the types of Multi-factor Authentication methods available in this application. Choices are: Note: Email gives companies the ability to define a specific email address to send the email containing the verification code (token) to the recipients for the VCA token emails. Before enabling Email as an MFA method, ensure that all members of this Login Policy have an email address in one of their contact methods. When no Authentication Email Address exists, this application will use the email address in the user’s list of “Contact” methods with the lowest number. For example, if Contact method 2 and Contact method 3 both contain email addresses, then this application will use the email address in Contact method 2 by default. To change your preferred email address for authentication purposes, go to the Authentication Email Address field in My Info and provide the desired email address, which will override the email in Contact Methods. If the user’s Contact Methods do not have an email, that user will be alerted that they don’t have an email address and they will need a System Administrator to provide an email address in order for the user to proceed with Email MFA. |
Allow Resending Email OTP After* | Displays a timer when Email OTP is used. The resend OTP button will be disabled until the defined resend interval has elapsed. Restrictions: Minimum 60 seconds, Maximum 300 seconds |
Maximum Email OTP After Resend Attempts | The number of times the user can resend their OTP. With every resend a counter will be maintained and will be compared with this threshold value. When crossed, the following message appears: "Max limit of number of OTP resend has been reached". Restrictions: Minimum 0, Maximum 5 |
Clear TOTP Settings | Clear TOTP Settings allows authorized users to clear TOTP settings for members of a Login Policy. Enabled when Authenticator App is selected as a multi-factor authentication method. Users can always clear their own TOTP settings on the General tab in My Info. Users can clear TOTP settings for others when Person: Clear Multi-Factor Authentication is granted in their system Authority. |
Clear VCA Settings | Clear VCA Settings allows authorized users to clear VCA settings for members of a Login Policy. Enabled when the Email option is selected as a multi-factor authentication method. Users can always clear their own VCA settings on the General tab in My Info. Users can clear VCA settings for others when Person: Clear Multi-Factor Authentication is granted in their system Authority. |
LDAP or Active Directory must first be configured to enable this feature. The default file location is C:\Program Files\”Application Name”\configuration\security.properties
Field Name | Login Policy Field Description |
---|---|
Authenticate Users Via Domain | Grants user access to the application via the web or workstation using their domain login ID and password. |
Domain Name | The domain name that will be used to authenticate user login IDs and passwords. |
Acceptance | Defines password parameters. This section sets password parameters for telephone login purposes only, when Authenticate Users via Domain is enabled. |
Format: Alphanumeric Limit: Ten characters |
Field Name | Login Policy Field Description |
---|---|
Default Password | The password is set to this value when the application’s administrator or similar role resets a user's password. |
Minimum Password Length | Defines the minimum number of characters that the application will accept for the password. RESTRICTIONS - Minimum (1, *8, **15) Maximum (40, **64). *As of application version 7.4.4.2+ and 7.5.2+ the minimum password length value is required and preset to a minimum value of eight. **As of application version 7.5.4 the minimum Web password length field is required and preset to a minimum value of fifteen. The maximum value increased from forty to sixty-four. |
Maximum Password Length | Defines the maximum number of characters that the application will accept for the password. Format: Integer Maximum (40, *64). *As of application version 7.5.4 the maximum password value increased from forty to sixty-four. |
Maximum Repeated Characters | An integer value that represents the maximum number of times a character can repeat in a password. For example, if this value was set to 3: As of version 7.5.4, the maximum number of repeated characters defaults to four and is required. Values greater than four are not allowed. Values less than four, and greater than or equal to one are allowed. Applicable to Web and IVR login. |
Maximum Consecutive Characters | An integer value, greater than 0, which represents the maximum number of characters a consecutive pattern can run for. A consecutive pattern is defined as characters such as numbers running from 0-9 or any subset increasing in value, or letters, case insensitive, running from a-z. For example, if this value is set to 3: |
Prohibit Selecting Password that begins with | A single character field specifying that a password cannot begin with this character. For example, if this value is set to X: |
Minimum Lowercase Characters | An integer value that represents the minimum number of lowercase characters that can be used in a password. Defaults to one. For example, if this value is set to 3: As of application version 7.5.4+ at least three of the following fields must have a value greater than one: Minimum Lowercase Characters, Minimum Uppercase Characters, Minimum Digit Allowed, Minimum Special Characters. |
Minimum Uppercase Characters | An integer value that represents the number of times uppercase characters can be used in a password. Defaults to one. For example, if this value is set to 3: As of application version 7.5.4+ at least three of the following fields must have a value greater than one: Minimum Lowercase Characters, Minimum Uppercase Characters, Minimum Digit Allowed, Minimum Special Characters. |
Minimum Digits Allowed | An integer value that represents the minimum number of times digits (0-9) can be used in a password. Defaults to one. For example, if this value is set to 3: As of application version 7.5.4+ at least three of the following fields must have a value greater than one: Minimum Lowercase Characters, Minimum Uppercase Characters, Minimum Digit Allowed, Minimum Special Characters. |
Minimum Special Characters | An integer value that represents the minimum number of times special characters can be used in a password. For example, if this value is set to 3: As of application version 7.5.4+ at least three of the following fields must have a value greater than one: Minimum Lowercase Characters, Minimum Uppercase Characters, Minimum Digit Allowed, Minimum Special Characters. |
*Prohibit passwords from the forbidden passwords list | When selected, prohibits users from using words from the forbidden password list. Required. |
Idle Timeout _ minutes | Logs users out of the application after X amount of idle time has elapsed. Honors minutes that cross over midnight. RESTRICTIONS - Minimum (null, 1) Maximum 34,560 minutes (24 days). |
Authenticate via Active Directory/LDAP | Authenticates users against an external Active Directory or LDAP provider rather than using internal Workforce TeleStaff accounts. Workforce TeleStaff usernames must match that of the AD/LDAP name. |
To enable these settings, go to: Setup > System > System Information > select Unique Phone Login Credentials
Field Name | Login Policy Field Description |
---|---|
Default Password | The password is set to this value when the application’s administrator or similar role resets a user's password. |
Minimum Password Length | Defines the minimum number of digits that the application will accept for the password. Integer Minimum (1, *6) Maximum (40, *64). *As of version 7.5.4 the minimum value is six. The maximum value for a minimum password length is 64. |
Maximum Password Length | An integer value that defines the maximum number of digits that the application will accept for the password. Integer Minimum (1) Maximum (40, *64). *As of version 7.5.4 the maximum value is sixty-four. The minimum value for the maximum password length is six. |
Maximum Repeated Digits | An integer value that defines the maximum number of times a digit can repeat in a password. For example, if this value was set to 3: *As of version 7.5.4 this field is required and defaults to a maximum of four repeated characters. |
Maximum Consecutive Digits | An integer value greater than 0 which represents the maximum number of ascending digits within a pattern. A consecutive pattern is defined as numbers running from 0 to 9 or any subset increasing in value. For example, if this value was set to 3: |
Prohibit Selecting Password that begins with | A digit (0-9) specifying that a password cannot begin with this digit. For example, if this value was set to 0: |
Disallowed passwords are located in the PWD_Disallowed_TBL. System Administrators who have access to the application’s database tables can include additional passwords. In application version 7.4.4.2 the list of disallowed passwords increased with the addition of the forbidden password list.
Additionally, these password symbols are not supported: ^ ‘ & “
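
The version 7.5.4 restrictions in the tables above can be checked mechanically, for example when reviewing existing Login Policies before an upgrade. The following is an added example, not part of the application or its documentation; the dictionary key names and the sample policy are assumptions made for illustration, and only the numeric bounds come from this page.

```python
# Added example: audit Login Policy values against the version 7.5.4 restrictions
# listed in the tables above. Key names are hypothetical, not an export format.

# Required as of 7.5.4: (minimum, maximum) from each RESTRICTIONS entry.
REQUIRED = {
    "force_change_days": (1, 999),
    "inactive_disable_days": (1, 60),
    "lockout_minutes": (30, 999),
    "web_min_length": (15, 64),
    "web_max_repeated": (1, 4),
}
# May be blank (null) or unused, but must be in range when set.
OPTIONAL = {
    "prohibit_reuse_last": (24, 1000),
    "unique_within_days": (1, 999),
    "idle_timeout_minutes": (1, 34560),
    "ivr_min_length": (6, 64),
    "otp_resend_seconds": (60, 300),
    "otp_resend_attempts": (0, 5),
}
CLASS_FIELDS = ("min_lowercase", "min_uppercase", "min_digits", "min_special")


def audit_policy(policy):
    """Return findings in table order; an empty list means every check passed."""
    findings = []
    for table, required in ((REQUIRED, True), (OPTIONAL, False)):
        for key, (low, high) in table.items():
            value = policy.get(key)
            if value is None:
                if required:
                    findings.append(f"{key}: required but blank")
            elif not low <= value <= high:
                findings.append(f"{key}: {value} outside {low}-{high}")
    # The page asks for at least three of these four fields to be "greater than one";
    # the threshold is kept exactly as worded there.
    if sum((policy.get(f) or 0) > 1 for f in CLASS_FIELDS) < 3:
        findings.append("character classes: fewer than three minimums above 1")
    return findings


# Constructed sample: a policy still carrying pre-7.5.4 values.
LEGACY = {"force_change_days": 90, "inactive_disable_days": 120, "lockout_minutes": 15,
          "web_min_length": 8, "web_max_repeated": 4, "min_lowercase": 1,
          "min_uppercase": 1, "min_digits": 1, "min_special": 0}

if __name__ == "__main__":
    for finding in audit_policy(LEGACY):
        print(finding)
```

Each finding names the field and the range it missed, so the output can be used as a checklist of values to correct in the Login Policy.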