Credential Policies

Overview

Credential policies are sets of rules that define user sign-in behavior at various levels of the hierarchy. For example, to facilitate user account security, VOSS Automate authenticates user sign-in credentials before allowing access to the system. Additionally, administrators can configure settings for events such as failed sign-in attempts and lockout duration.

Note

The number of questions in the Password Reset Question Pool must be equal to (or more than) the number set in the Number of Questions Asked During Password Reset field.

As of 21.2, only the legacy Admin GUI provides access to the password reset questions (click your profile name at the top right of the screen). This feature is reserved for future development in the Admin Portal and the Business Admin Portal.

Credential policies can be applied at any hierarchy level. A credential policy applied at a particular hierarchy level defines the allowed user sign-in behavior at that level.

Default Credential Policy

While credential policies are not mandatory at specific hierarchy levels, a default credential policy is defined at the sys.hcs level.

Administrators at lower levels can copy and edit the default policy, if required, or they can save the default credential policy at their own hierarchy level so that it can be applied to users at that level.

Inherited Credential Policies

If an administrator at a specific level of the hierarchy has not created a credential policy at their hierarchy level, the credential policy is inherited from the closest level above.

If a Provider administrator has defined a credential policy, but a Customer administrator has not defined a credential policy, the customer hierarchy automatically inherits the credential policy from the Provider level.

Custom Credential Policies

A different credential policy can be defined for each user.

For each administrator user where IP address throttling (sign-in Limiting per Source) is required, a credential policy should be manually created and assigned. This credential policy must have both IP address throttling and username and email throttling enabled.

Credential Policies, SSO Authenticated Users, and LDAP Synced Users

Credential policies are not applicable for SSO authenticated users. For LDAP synced users, only the session timeouts are applicable.
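
The following added example (an illustrative model, not VOSS Automate code or its API) shows how the rules in "Inherited Credential Policies", "Custom Credential Policies" and the SSO/LDAP section combine when you audit which settings govern a given user. The dotted hierarchy paths below sys.hcs, the field names, the sample values, and the assumption that a user-assigned policy takes precedence over the inherited one are all hypothetical.

```python
from dataclasses import dataclass, asdict
from typing import Optional

@dataclass(frozen=True)
class CredentialPolicy:
    # Hypothetical field names; the page only names these settings in prose.
    name: str
    session_timeout_min: int
    failed_signin_limit: int
    lockout_duration_min: int

def inherited_policy(hierarchy: str, policies: dict) -> Optional[CredentialPolicy]:
    """Return the policy defined at `hierarchy`, or at the closest level above it."""
    parts = hierarchy.split(".")
    while parts:
        node = ".".join(parts)
        if node in policies:
            return policies[node]
        parts.pop()  # nothing defined here: move one level up
    return None

def effective_policy(hierarchy, policies, auth="local", user_policy=None):
    """Settings that govern one user's sign-in, or None when no policy applies."""
    if auth == "sso":
        return None  # credential policies are not applicable for SSO users
    # Assumption: a policy assigned to the user wins over the inherited one.
    policy = user_policy or inherited_policy(hierarchy, policies)
    if policy is None:
        return None
    settings = asdict(policy)
    if auth == "ldap":
        # For LDAP synced users only the session timeout is applicable.
        return {k: settings[k] for k in ("name", "session_timeout_min")}
    return settings

# Constructed sample data: a default at sys.hcs and one Provider-level policy.
POLICIES = {
    "sys.hcs": CredentialPolicy("Default", 20, 5, 15),
    "sys.hcs.ProviderA": CredentialPolicy("ProviderA-Strict", 10, 3, 30),
}
ADMIN_THROTTLED = CredentialPolicy("Admin-Throttled", 10, 3, 60)

if __name__ == "__main__":
    cases = [
        ("sys.hcs.ProviderA.CustomerX", "local", None),  # inherits from Provider
        ("sys.hcs.ProviderB.CustomerZ", "local", None),  # falls back to sys.hcs
        ("sys.hcs.ProviderA.CustomerX", "ldap", None),   # session timeout only
        ("sys.hcs.ProviderA.CustomerX", "sso", None),    # no policy applies
        ("sys.hcs.ProviderA", "local", ADMIN_THROTTLED), # custom per-user policy
    ]
    for hierarchy, auth, custom in cases:
        print(hierarchy, auth, effective_policy(hierarchy, POLICIES, auth, custom))
```
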