Credential Policies#

Tutorial: videocam
11-3-3-CredentialPolicy

If you found this video helpful, you can find more at Tutorials Home.

Overview#

Credential policies are sets of rules that define user sign-in behavior at various levels of the hierarchy. For example, to facilitate user account security, VOSS Automate authenticates user sign-in credentials before allowing access to the system. Additionally, administrators can configure settings for events such as failed sign-in attempts and lockout duration.

Credential policies can be applied at any hierarchy level. A credential policy applied at a particular hierarchy defines allowed user sign-in behavior at that hierarchy.

Related Topics

Default Credential Policy#

While credential policies are not mandatory at specific hierarchy levels, a default credential policy is defined at the sys.hcs level.

Administrators at lower levels can copy and edit the default policy, if required, or they can save the default credential policy at their own hierarchy level so that it can be applied to users at that level.

Inherited Credential Policies#

If an administrator at a specific level of the hierarchy has not created a credential policy at their hierarchy level, the credential policy is inherited from the closest level above.

If a Provider administrator has defined a credential policy, but a Customer administrator has not defined a credential policy, the customer hierarchy automatically inherits the credential policy from the Provider level.

Custom Credential Policies#

A different credential policy can be defined for each user.

For each administrator user where IP address throttling (sign-in Limiting per Source) is required, a credential policy should be manually created and assigned. This credential policy must have an IP address, and username and email throttling enabled.

Related Topics

Credential Policies, SSO Authenticated Users, and LDAP Synced Users#

Credential policies are not applicable for SSO authenticated users. For LDAP synced users, only the session timeouts are applicable.