Skip to main content
Mitratech Success Center

Client Support Center

Need help? Click a product group below to select your application and get access to knowledge articles, webinars, training content, and release notes or to contact our support team.

Authorized users - log in to create a ticket, view tickets status and check your success plan details.

 

Security Settings

Security Settings

You can perform the following tasks on the Admin Settings Security page:

Defining the User Password Policy

Use the Security page to define your company's password policy as follows:

  • Password Parameters—Set the guidelines that users must follow when creating log in passwords and how frequently users must change their passwords.
  • Account Lockout—Set whether or not users are locked out of the system after multiple unsuccessful login attempts.
  • Display Password Policy—Choose to display your company's complete password policy on the change password page when a user is prompted to change a password.
  • Account Expiration—Set whether or not user accounts expire after a specified period of inactivity.
  • Password Reset—Set whether or not users can reset their own password from the login screen. This reset will be accomplished by an automated single-use reset email. For more information on how a user would reset in this method, see Logging In.

Note: If you are an existing user, your current password is not affected by password policy changes. If you attempt to change your password, you must then adhere to the new policies when creating a password. When you change an existing user's password on the General tab of the user account, all of the password policy settings apply to the new password, except for the Minimum Age setting. This allows you to change a user's password immediately when necessary.

To define the user password policy

  1. Click the Admin tab.
  2. Click Admin Settings under the tab bar.
  3. In the left pane, click the Security link.
    The Security page opens.
    See the Security Page - Password Account Settings fields table for specific field information.

Setting Password Parameters

(Optional) In the Password Parameters section, edit the appropriate fields. Leaving the default "0" in a field means that you do not want to set criteria for that option. See the Security Page - Password Account Settings fields table for specific field information. 
Note: Passwords with more than 50 characters can result in a user being locked out of the system.

Screen Shot 2017-09-20 at 3.10.59 PM.png

Displaying the Password Policy

(optional) Click the Always show password policy on change password screen check-box to display the password policy details that you selected on the Password Parameters screen whenever a user is prompted to change a password.

This also allows the password policy to appear on the Reset Password page in user preferences. See Changing Password for more information.

The graphic below displays the text that users may see on the change password screen and the Reset Password page if this check-box is selected:

Setting Account Lockout

(Optional) In the Account Lockout section, check Enable User Lockout, and then enter the appropriate information. See the Security Page - Password Account Settings fields table for specific field information. If you clear this check-box, users are never locked out of their accounts for too many login attempts or time interval/duration violations.

Screen Shot 2017-09-20 at 3.13.15 PM.png

Setting Account Expiration

(optional) In the Account Expiration section, enter the number of days of inactivity that cause the account to expire. The default value for this field is zero. If the value is set to zero, the inactivity expiration will never occur.

Screen Shot 2017-09-20 at 3.15.04 PM.png

To set account expiration, click Update.

TeamConnect enforces the password policy the next time users try to log in. Users are prompted to change their password if it does not meet the specified criteria.

Enabling AutoComplete for User Name on the Log In Page

(optional) If you leave the AutoComplete Settings check-box selected, when you begin to enter a User Name on the TeamConnect log in page, a pop-up suggests names that you can choose from based on names that you previously entered on the log in page. If you unselect this check-box, the auto complete feature is disabled.

Security Page - Password Account Settings Field Descriptions

Section

Field Name and Description

Password Parameters

  • Minimum Age (days)—Enter the minimum number of days that a user must keep an existing password before it can be changed. This setting is based on the date that the password is set or changed.
    This setting only applies to an end user's ability to change their password on the Password Settings screen or from the login screen. Administrators can change user passwords from user accounts' General tab.
  • Maximum Age (days)—Enter the maximum number of days before a user has to change an existing password. This setting is based on the date that the password is set or changed.
  • Minimum password length—Enter the minimum number of characters, alpha and numeric) required for a password.
  • Maximum password length—Enter the maximum number of characters (alpha and numeric) required for a password.
  • Minimum Alpha Characters—Enter the minimum number of letters (A - Z and/or a - z) that must be included in the password.
  • Must contain both upper and lower case letters—If selected, the password must contain lower and upper case letters, such as WeDnesDay.
  • Minimum Numeric Characters—Enter the minimum number of numbers that must be included in the password.
  • Minimum Special Characters—Enter the minimum number of special characters that must be included in the password. For example *, &, #, @ are all special characters.
  • Number of passwords stored—Enter the number of previously used passwords that TeamConnect should not allow users to reuse.

    Note: For the options above, leaving the default "0" in a field means that you do not want to set criteria for that option.
     
  • Cannot contain more than two consecutive identical characters— If selected, the password may not contain more than two consecutive letters or numbers.
  • Cannot contain user name, first name or last name—If selected, the password cannot contain the user's first or last name.
  • Always show password policy on change password screen—If selected, in the user interface, the complete password policy displays on the change password page when a user is prompted to change a password. This also allows the password policy to appear on the Reset Password page in user preferences.

Account Lockout

  • Enable User Lockout—Select this check-box to lock a user's account after a specified number of consecutive, unsuccessful login attempts. Once this number is reached, the user can no longer log in and must contact an administrator.

    By default, this feature is disabled, which means that users can make an unlimited number of unsuccessful login attempts without getting locked out.

    NoteThe following fields are only available if the Enable User Lockout check-box is selected.
     
  • Number of login attempts allowed—Enter the maximum number of failed login attempts before a user's account is locked. 5 is the default.
  • Time interval (minutes)—Enter the number of minutes TeamConnect observes and counts failed login attempts. 30 minutes is the default.
  • Lockout duration (minutes)—The length of time that a locked out user must wait before trying to log in again.

Account Expiration

Expire accounts after a period of inactivity (days)—Enter the number of days after which the account expires due to a lack of activity. The default value is zero, which means that accounts never expire.

AutoComplete Settings

Allow AutoComplete for User Name—If you select this option, when you begin to enter the first few characters of a User Name on the TeamConnect log in page, a pop-up suggests names that you can choose from based on names that you previously used on the log in page.

Configuring User Authentication

Use the Authentication Plug-in section of the Admin Settings Security page to choose the default authentication method used by TeamConnect. Authentication is the process of comparing the username and password entered in the TeamConnect login screen to those stored in the database. If the information matches, the user is allowed access to TeamConnect.

The Standard Authentication plug-in is the default authentication method and logs the user into TeamConnect only. This is a secure method, but your organization might choose to integrate the TeamConnect authentication process with a network-wide method. The selected default method applies to all users except those that you specifically override.

Plug-ins are categorized based on their effect on the login process. The two main types of authentication plug-ins are:

  • Standard Authentication—Allows users to bypass the login screen. If you load an authentication plug-in that has standard sign-on support, users do not see the login screen or enter a username and password because they are authenticated at the network level. If standard authentication is enabled, no other standard sign-on mechanism can be used.
  • Non-standard Authentication—Allows the identity verification to be handled by an external mechanism used in your environment. This type of plug-in allows authentication to be performed by your local network method, but still requires users to log in to TeamConnect by entering a username and password. You can install various non-standard sign-in plug-ins, and then select which one is used on a per user basis.

Note: In order to have a choice of authentication methods, the appropriate configuration files must be edited and plug-ins must be installed as described in Authentication.

Regardless of the plug-in that you select, only Standard authentication is used for the TeamConnect Admin and System user accounts and you cannot change it.

Single Sign-on

If you plan to use a single sign-on method such as NTLM or LDAP, it must be the default authentication method. It is not possible to have Standard Authenticator as the default while overriding a few individual users with NTLM or LDAP.

When single sign-on is the default authentication method, you cannot override a few individual users with standard authentication. Instead, for those users, you must ensure that they use the regular login URL, then append standardLogin to the end of the URL, to force the use of standard authentication.

For information about how to override authentication for individual users, see Creating or Editing Users.

To configure user authentication

  1. Select the Admin tab.
  2. Click Admin Settings under the tab bar.
  3. In the left pane, click the Security link.
    The Security page opens.
  4. In the Authentication Plug-in section, click the Reload button to refresh any recently changed or added authentication methods.
    Screen Shot 2017-09-20 at 3.31.04 PM.png
  5. In the Default Authentication Method drop-down list, select the method that you want to use as the default.
    The method that is currently the default has (System default) at the end of its name.
  6. If additional fields appear as a result of the method you select, complete the appropriate fields, such as the URL where all user login information is stored for LDAP.
  7. Click Upload.

All users who are configured in their user accounts to be authenticated by the selected mechanism are now authenticated using that method.