
System settings - User

In the system settings, various general settings for login, session duration, etc. can be made for users via the 'User administration' tab.


Operation

'Password rules':

You can optionally enter values for password rules in this field. Example rules can be found below the field.
For example, 8,aA1$ in the input field means:

  • Minimum number of characters - here "8,"
  • Lower case letters must be included - "a"
  • Capital letters must be included - "A"
  • Numbers must be included - "1"
  • Special characters must be included - "$"

These password guidelines apply in general, i.e. also for administrators. Current Weblics® such as user registration, login form, forgot password and change password also support this.
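The following is an added example, not the product's own code: a small Python checker that reads a rule string such as 8,aA1$ and reports which requirements a candidate password fails. The rule grammar is an assumption inferred only from the example above, and the names parse_rule and violations are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordRule:
    min_length: int
    need_lower: bool
    need_upper: bool
    need_digit: bool
    need_special: bool


def parse_rule(rule: str) -> PasswordRule:
    """Parse a rule such as '8,aA1$'.

    Assumed grammar (inferred from the example on this page only):
    '<minimum length>,<markers>', where a lowercase letter, an uppercase
    letter, a digit and any other character each switch on one requirement.
    """
    length_part, sep, markers = rule.strip().partition(",")
    if not sep or not (length_part.isascii() and length_part.isdigit()):
        raise ValueError(f"expected '<number>,<markers>', got {rule!r}")
    return PasswordRule(
        min_length=int(length_part),
        need_lower=any(c.islower() for c in markers),
        need_upper=any(c.isupper() for c in markers),
        need_digit=any(c.isdigit() for c in markers),
        need_special=any(not c.isalnum() for c in markers),
    )


def violations(password: str, rule: PasswordRule) -> list[str]:
    """Return the requirements the password fails; an empty list means accepted."""
    checks = [
        (True, len(password) >= rule.min_length, f"at least {rule.min_length} characters"),
        (rule.need_lower, any(c.islower() for c in password), "lowercase letter"),
        (rule.need_upper, any(c.isupper() for c in password), "uppercase letter"),
        (rule.need_digit, any(c.isdigit() for c in password), "digit"),
        (rule.need_special, any(not c.isalnum() for c in password), "special character"),
    ]
    return [label for required, ok, label in checks if required and not ok]


if __name__ == "__main__":
    rule = parse_rule("8,aA1$")
    # Constructed sample passwords, for illustration only.
    for candidate in ("password", "Ab1$", "Correct-Horse-42"):
        print(candidate, "->", violations(candidate, rule) or "accepted")
```

Running the same check against the rule entered under 'Password rules for public users' shows exactly which requirements were relaxed for that group.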

'Password rules for public users':

In this field you can optionally enter values for password rules that relate specifically to public users. These can, for example, be slightly weaker rules compared to maintenance users if there are no general security concerns.

'Do not allow previously used passwords to be used again':

If this parameter is activated, passwords that have already been used cannot be used again by the corresponding user. While this setting is active, the previous passwords are stored each time the user's password is changed.

'Activate login lock':

If this parameter is activated, a user is blocked after the number of incorrect login attempts specified in the 'Possible incorrect login attempts' field. The block remains in place for the duration set under 'Time period in seconds for which an IP address is blocked'. The block is therefore based on the IP address with which a user has logged in.

'Activate session TANs':

If this parameter is activated, a user of the Administrator user type can use the user simulation. This enables them to call up the view for a care user or anonymous visitor (site visitor) via a user simulation domain entered in the project configuration.

'Possible incorrect login attempts':

In this field, you can optionally enter the number of possible incorrect login attempts. This entry only has an effect if the 'Activate login lock' field is activated.

'Time period in seconds for which an IP address is blocked':

In this field, you can optionally enter the duration in seconds for blocking logins if the number of incorrect login attempts is exceeded. This entry only has an effect if the 'Activate login lock' field is activated.

'Two-factor authentication for administrators':

Using this selection box, you can optionally specify the number of recent logins that will be used as the basis for requiring two-factor authentication (2FA). This means that 2FA is only required for administrators if the client ID does not correspond to one of the last X logins.

'Two-factor authentication for editors':

You can use this selection box to optionally specify the number of recent logins that are used as the basis for requiring two-factor authentication (2FA). This means that 2FA is only required for editors if the client ID does not correspond to one of the last X logins.

'Multi-factor TAN sent by e-mail':

You can use this selection box to specify how the TAN for two-factor authentication should be composed:

  • 4 numbers
  • 6 alphanumeric characters