[]
        
(Showing Draft Content)

Security Settings

The admin can manage security settings for the users by configuring a strong password policy, user-locked time, password reset options, and cookie lifetime settings. In this help article, you will find the following information on security settings,

Configure Strong Password Policy

The default password policy on the Wyn Enterprise Portal only requires the password length to be between 1-32 characters and can contain any character. Enabling a strong password policy makes it improbable for someone to intrude into the account of a user.

  1. Navigate to Account > Security Settings.

  2. Select the Yes radio button next to Enable strong password policy.

  3. Click the Save button to save the changes.

The strong password policy has the following traits:

  • Password complexity: Combining numbers and uppercase or lowercase letters can make a password more complex. Password should contain at least 1 number, 1 uppercase letter, and 1 lowercase letter.

  • Password length: Lengthy passwords with complex combinations of characters are difficult to guess. So, longer passwords with character lengths between 8 and 32 are recommended.

When the strong password policy is enabled, the admin is prompted to enter a strong password while adding a user by clicking the Add User button in the User interface.

         

Strong Password

User Locked Time

If a user enters a wrong username or password for 5 times in succession, he gets locked out for a definite period of time. This period is known as the User Locked Time. The default locked time is 60 minutes, but you can change it as required. If you set the locked time to 0, it will disable the locking behavior altogether. It means that the user will not have to wait for a locked time and will be able to attempt login again.

  1. Navigate to Account > Security Settings.

  2. Edit the lock time next to User locked time(minutes).

  3. Click the Save button to save the changes.


    Now, if the admin sets the locked period to 10 minutes in the Security Settings, this will be visible on the Wyn Enterprise Portal.

    Screen Displaying User Entered Wrong Credentials Information

Allow User Reset Password

As an admin of the Wyn Enterprise application, you can control the users from resetting their login passwords using the Allow User Reset Password setting. To configure this option,

  1. Under Security Settings, locate the Allow User Reset Password setting option. Toggle between the Yes and No radio buttons to enable or disable this feature. By default, the Allow User Reset Password option is set to No.

    SecuritySettings-AllowResetPass

  2. When the Allow User Reset Password option is set to Yes, users can reset their Wyn login passwords directly from the login page using the Forgot Password? option.

    image

A user can set the duration of the cookies (in days) to be stored on the device during a session by using Cookie lifetime settings.

There are two options to set the lifetime:

  • Default lifetime: This sets the default lifetime duration of the cookies if the Remember me checkbox is not selected on the login screen.

  • Remember me: If the Remember me checkbox is selected while logging in, then the cookies will be stored for the number of days mentioned in the "Remember me" field.

The default values displayed in the fields Default lifetime and Remember me are based on the installation scenarios as follows:

Upgraded Wyn Application

If the Wyn application is upgraded from the 6.0 initial release version or lower, then the Default lifetime value is set to 14 days, and Remember me value is set to 30 days. So, if the user selects the "Remember me" checkbox on the login screen, then the cookies will be stored for 30 days, else cookies will be stored for 14 days.

Fresh Wyn Installation

If there is a fresh installation of the Wyn application version 6.0 MU1 or higher, then the Default lifetime value is set to 0 days, and Remember me value is set to 14 days. So, if the user selects the "Remember me" checkbox on the login screen, then the cookies will be stored for 14 days, else cookies will not be stored, and it will be a session cookie. The session will end when the browser is closed.

Note: Settings are not impacted for other login methods, such as logging in with external OAuth providers.

A user also has an option to change the Cookie lifetime values as per the requirement.


To modify and update the Cookie lifetime settings, perform the following steps:

  1. Under the Cookie lifetime settings (in days) enter the values for the "Default lifetime" and "Remember me" fields, or click the - and + signs to set the desired value.


    Cookie Lifetime Settings

  2. Click the Save button. The settings will be saved and updated.