VOSS-4-UC helps secure user accounts by authenticating user sign-in credentials before allowing system access. Administrators can specify settings for, among other things, failed sign-in attempts, lockout durations, password reset questions, and so on. The number of questions in the Password Reset Question Pool must be equal to (or more than) the number set in the Number of Questions Asked During Password Reset field. Collectively, these rules form a credential policy, which can be applied at any hierarchy level, and determine user sign-in behavior at that specific level.

A credential policy is not mandatory at specific levels in the hierarchy. However, a default credential policy is provided at the sys.hcs level. Administrators at lower levels can copy and edit this default policy if necessary. Administrators can also save it at their own hierarchy level so that it can be applied to the associated users at that level. If the administrators at the various levels do not create a credential policy at their level, it is inherited from the closest level above them. If a Provider Administrator has defined a credential policy, but a Customer Administrator has not, the customer automatically inherits the credential policy from the Provider. A different credential policy can also be defined for each user.

For each administrator user where IP address throttling (sign-in Limiting per Source) is required, manually create and assign a credential policy. The credential policy must have IP address, and username and email throttling enabled.

Note

Credential Policies are not applicable for SSO authenticated users. For LDAP Synched users, only the session timeouts are applicable.

Model Details: data/HierarchyDefault

An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title															Description																				Details
Name *															Name of the hierarchy default setting container.																				Field Name: name Type: String
Credential Policy															Specifies the default credential policy.																				Field Name: credential_policy Type: String Target: data/CredentialPolicy Format: uri

Model: data/HierarchyDefault

Credential Policy

Model Details: data/HierarchyDefault