Log-In Options Settings

  • 3 minute(s) read
Prev Next

Login settings provide a secure and reliable authentication experience by allowing administrators to manage user access and enforce security measures. As an administrator, you can:

  • Enforce password policies to maintain security standards.

  • Enable and configure two-factor authentication (2FA) for added protection.

View the Log-In Options

Permissions

Your user account or group membership must have the "Settings: View Settings" permission to view Password Policies unless your user account has the Make this user a Super Admin setting selected.

See the Settings permissions or ask your Administrator for assistance.

Follow these steps to view the Log-In Options settings:

  1. Ensure that you are logged on to ProcessMaker Platform.

  2. Click the Admin option from the top menu to view the Users page.

  3. Click the Settings icon from the left sidebar to view all settings.

  4. From the Settings panel on the left, expand the Log-in & Auth section.

  5. Select Log-In Options to view the following details:

    • Setting: The Setting column displays the Log-In Options Setting name.

    • Configuration: The Configuration column displays the setting value and how it is configured.

Log-In Options within the "Settings" page

Configure the Log-In Options

Permissions

Your user account or group membership must have the "Settings: Update Settings" permission to edit settings from the Log-In Options tab unless your user account has the Make this user a Super Admin setting selected.

See the Settings permissions or ask your Administrator for assistance.

The following settings can be configured in the Log-In Options tab:

Set Password Policies

Follow these steps to enable a user to change their password:

  1. Enable the Password Set By User toggle key to allow users to change their passwords. When this setting is enabled, users are able to change their passwords when editing their user profile.

  2. If this setting is toggled off, users won't have the option to update their password while editing their user profile.

    Note:

    This setting applies to all users except Super Admins. Users with Super Admin permissions will always have the ability to change passwords.

  3. Enable the Numeric Characters toggle key to allow numeric characters in passwords.

  4. Enable the Uppercase Characters toggle key to allow uppercase characters.

  5. Enable the Special Characters toggle key to allow special characters.

  6. Click the Edit icon for the Maximum Length setting to set the maximum password length.

  7. Enter the maximum number of characters allowed for the password, and click Save.

  8. Click the Edit icon for the Minimum Length setting to set the minimum password length.

  9. Enter the minimum number of characters allowed for the password, and click Save.

  10. Click the Edit icon for the Password Expiration setting.  

  11. Enter the number of days after which a password will expire, and click Save.

  12. Click the Edit icon for the Login Failed setting.

  13. Enter a number of consecutive unsuccessful login attempts before blocking the login action, and click Save.

Enable Two-Factor Authentication

Enhance login security by enabling two-factor authentication for user verification.

Follow these steps to set up two-factor authentication (2FA):

  1. Enable the Require Two Step Authentication toggle key.

  2. Click the Edit icon for the Two Step Authentication Method setting.

  3. Select one or more authentication methods:

    • Select By email to send the code to your account email. An email address must be configured in user properties.

    • Select By message to phone number to send the code to your account phone number. A phone number must be configured in user properties.

      Code Validity

      Users receive a one-time security code by email or phone after successfully entering their username and password. The code is valid for 1 minute from the time it is generated. If the code expires before it is used, the user must restart the login process to receive a new authentication code.

  4. Click Save to save all changes.

Two-step authentication must also be enabled in group-level settings.

Two-Step Authentication for SSO and Active Directory Users

  • If  SSO is enabled, the Two-Step Authentication setting is bypassed for SSO users, allowing them to log in without it.

  • Additionally, Two-Step Authentication is also bypassed when users authenticate against Active Directory.

  • Non-SSO and non-Active Directory users must still enter two-step verification codes to log in.