Manage Security Rules

  1. Select Admin > System > Settings.

  2. Select the Security tab.

  3. Make sure Application is selected as the logon authentication option.

  4. In the Application Authentication area, specify the rules that apply to passwords:

    1. In the Minimum password length field, enter the minimum number of characters required for passwords.

    2. In the Maximum password length field, enter the maximum number of characters required for passwords.

    3. In the Password expires in (days) field, enter the number of days after which users must change their password.

    4. In the Remember ‘nn’ passwords field, enter the number of previous passwords for ICM to remember.

      A user can't reuse a password that's stored in ICM.

    5. Select the Allow direct logon from Windows checkbox to let users run ICM without signing on.

      If you select this checkbox, when a user logs on to Windows, ICM will verify their ID.

      The logon screen won't display. The Home screen will open automatically.

      When they select System > Logoff, they can use the sign-in screen to log on automatically with their current user ID, or log on as a different user.

  5. In the User logons area, specify the rules that apply to logon attempts:

    1. In the Number of sessions allowed field, enter the maximum number of sessions a user can be logged in to at a time.

      If a user exceeds the maximum permitted number of concurrent logons, they'll be notified of this.

      They won't be notified if the password validation happens when you're resetting another user's password.

      The default value is zero. This means there's no limit to how many sessions a user can log in to.

    2. In the Number of invalid attempts field, enter the maximum number of invalid password attempts allowed at one time before the user needs to reset their password.

      A warning will display before the user makes their final permitted invalid password attempt.

  6. In the User deactivation area, specify the rules that apply to deactivating users:

    1. In the Number of mins inactivity ... field, enter the number of minutes a user can be inactive for before they're logged off.

    2. In the Number of days ... field, enter the number of days after which an inactive user has access disabled.

      An inactive user is someone who hasn't logged in for the amount of time specified.

      After the specified amount of time, any user who hasn't logged on is prevented from doing so until you re-enable that user.

  7. Select Save.