Credential policies are sets of rules that define user sign-in behavior at various levels of the hierarchy. For example, to facilitate user account security, VOSS Automate authenticates user sign-in credentials before allowing access to the system. Additionally, administrators can configure settings for events such as failed sign-in attempts and lockout duration.

Credential policies can be applied at any hierarchy level. A credential policy applied at a particular hierarchy defines allowed user sign-in behavior at that hierarchy.

While credential policies are not mandatory at specific hierarchy levels, a default credential policy is defined at the sys.hcs level.

Administrators at lower levels can copy and edit the default policy, if required, or they can save the default credential policy at their own hierarchy level so that it can be applied to users at that level.

If an administrator at a specific level of the hierarchy has not created a credential policy at their hierarchy level, the credential policy is inherited from the closest level above.

If a Provider administrator has defined a credential policy, but a Customer administrator has not defined a credential policy, the customer hierarchy automatically inherits the credential policy from the Provider level.

For each administrator user where IP address throttling (sign-in Limiting per Source) is required, a credential policy should be manually created and assigned. This credential policy must have an IP address, and username and email throttling enabled.

Credential policies are not applicable for SSO authenticated users. For LDAP synced users, only the session timeouts are applicable.

Default Hierarchy Settings

Default hierarchy settings is effectively a 'placeholder' used to store hierarchy default settings, for example a credential policy.

The default hierarchy setting can be cloned and saved at lower hierarchy levels as required. Default hierarchy settings can also be added at any required hierarchy level.

If administrators at the various levels do not create default hierarchy settings for their specific hierarchy level, then they are inherited from the closest hierarchy level above them. For example, if a Provider Administrator has default hierarchy settings for a credential policy, but a Customer Administrator below them has not, the customer automatically inherits the default hierarchy settings for the credential policy from the Provider level.

Model Details: data/HierarchyDefault

An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title															Description																				Details
Name *															Name of the hierarchy default setting container.																				Field Name: name Type: String
Credential Policy															Specifies the default credential policy.																				Field Name: credential_policy Type: String Target: data/CredentialPolicy Format: uri

Model: data/HierarchyDefault

Credential Policy

Default Hierarchy Settings

Model Details: data/HierarchyDefault