Login |
The Login tab enables you to set rules for user login. These include options to disable login accounts after a specified number of unsuccessful login attempts or after a specified number of days of inactivity. Failed logins are tracked by IP address, and you can block IP addresses after a specified number of failed attempts.
Security options and rules
Data in the fields in the bottom section of this tab specify the requirements regarding user logins. All fields are optional.
Disable user login account after ___ days of inactivity
Number of days after which a user ID will be disabled if has not been used to log in. If this field is left blank, the user ID remains valid indefinitely.
Close GUI after ___ consecutive unsuccessful login attempts
Number of times a user is allowed to attempt to log in after which the application closes. Whether the user tries an invalid user name but correct password or vice versa, the application shuts down after the specified number of unsuccessful attempts.
Disable user login account after this many unsuccessful consecutive login attempts
If this box has a check, then a user may attempt to log in the number of times specified in the Close GUI after ___ consecutive unsuccessful login attempts field. If the user fails to log in successfully within the specified number of times, his or her login ID is disabled. The limit refers to sequential login attempts, so if another user ID is attempted the password attempt count is reset for the original user ID.
For example, logins will be disabled after three unsuccessful login attempts. UserID1 makes two unsuccessful login attempts. UserID2 then logs in successfully. If UserID1 tries to log in again, it will be allowed three consecutive attempts before being disabled.
Block IP address from login after ___ failed attempts
Number of times a user is allowed to attempt to log in using a specific IP address after which the address is blocked. Whether the user tries an invalid user name but correct password or vice versa, the address will be blocked after the specified number of unsuccessful attempts. The information is stored in the LOG_SECURITY table.
To block an IP address, use the System Mgmt -> Setup -> Access Rights -> IP Block List screen.
Tip: If you have implemented and are using Web Modules, you must disable this option. Set the field value to zero.
Disconnect idle users after ___ minutes of inactivity
Number of minutes a logged in user may remain inactive after which the application closes. The user will not receive a warning. If a screen is open in edit mode and the user has let it sit idle for the number of minutes specified in this field, the application shuts down and any unprocessed changes are lost.
Tip: This feature does not apply to Web Modules.
_______________