Security

The Security Settings section in the admin portal provides a way to configure robust measures for securing user accounts and ensuring proper authentication during login, sign-up, and other account activities. These settings are essential for preventing unauthorized access, protecting sensitive information, and maintaining the integrity of the platform. Below is a detailed explanation of how to configure the Login Security, Captcha Setup, and Sign-up Security settings.

1. Navigation to Security Feature :

  • Log in to the admin portal.

  • Navigate to the Config section by clicking on the Config icon in the portal menu.

  • Under the My Organization section, click on the Security Configure link.

2. Login Security Setup :

  • Configure security protocols to protect user accounts from unauthorized access during login attempts.
  • Maximum Login Retries: Define the maximum number of failed login attempts a user is allowed before their account is temporarily locked.

    Example: Set this to 3 retries to limit brute-force attacks.

  • Account Unlock Time: Specify the duration (in minutes) for how long an account remains locked after exceeding the maximum failed login attempts.

    Example: If set to 15 minutes, the account will automatically unlock after 15 minutes.

  • Remember Me (Days): Configure how long the "Remember Me" feature will remember a user's email ID on the login screen.

    Example: Set this to 7 days to ensure users stay logged in for one week unless they log out manually.

  • Reset Password Expiry Time: Define the time (in hours) after which the reset password link sent via email will expire.

    Example: If set to 24 hours, the link will no longer be valid after one day.

  • Idle Session Timeout (Minutes): Set the time limit for an idle user session, after which the user will be automatically logged out.

    Example: If set to 30 minutes, users will be logged out after 30 minutes of inactivity.
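
The following is an added example, not code from the portal: it models how Maximum Login Retries and Account Unlock Time interact, using the example values above (3 retries, 15 minutes). The class and function names are hypothetical, and it assumes the account locks on the failure that reaches the retry limit and that attempts made during the lock do not extend it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class LockoutPolicy:
    max_login_retries: int = 3   # "Maximum Login Retries" example value
    unlock_minutes: int = 15     # "Account Unlock Time" example value

class AccountState:
    """Per-account failed-login tracking (hypothetical model, not the portal's code)."""

    def __init__(self, policy):
        self.policy = policy
        self.failed = 0
        self.locked_until = None

    def is_locked(self, now):
        if self.locked_until and now >= self.locked_until:
            # Lock window elapsed: unlock automatically and start a fresh count.
            self.locked_until = None
            self.failed = 0
        return self.locked_until is not None

    def attempt(self, password_ok, now):
        if self.is_locked(now):
            # Reject before checking the password, so a correct guess made
            # during the lock does not succeed and the window is not extended.
            return "locked"
        if password_ok:
            self.failed = 0  # a successful login clears earlier failures
            return "ok"
        self.failed += 1
        # Assumption: the failure that reaches the limit triggers the lock.
        if self.failed >= self.policy.max_login_retries:
            self.locked_until = now + timedelta(minutes=self.policy.unlock_minutes)
            return "locked"
        return "failed"

def replay(events, policy=LockoutPolicy()):
    """Replay (minute_offset, password_ok) events against one account."""
    start = datetime(2024, 1, 1, 9, 0)  # constructed timestamp
    acct = AccountState(policy)
    return [acct.attempt(ok, start + timedelta(minutes=m)) for m, ok in events]

# Constructed sample: three bad guesses, the correct password during the lock,
# then the correct password again once 15 minutes have passed since the lock.
SAMPLE = [(0, False), (1, False), (2, False), (5, True), (17, True)]
```

Calling replay(SAMPLE) shows that a correct password entered while the account is locked is still rejected, which is the behaviour that makes the retry limit effective against guessing.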

3. Captcha Setup Security :

  • Add an extra layer of security to ensure that login, password recovery, or sign-up activities are performed by humans, not bots.
  • Use the Enable Captcha toggle to turn the CAPTCHA feature on or off. When enabled, CAPTCHA will appear on the login, sign-up, or forgot password pages, depending on configuration.

  • Enter the CAPTCHA Site Key provided by your CAPTCHA service provider (e.g., Google reCAPTCHA). This key is required to integrate CAPTCHA functionality into your portal.

4. Signup Setup Security :

  • Configure security measures for user account creation to ensure authenticity and manage unverified accounts.

    • Verification Link Expiry (Hours): Define the validity period (in hours) for the verification link sent to users during the sign-up process.

      Example: If set to 24 hours, the user must verify their email within 24 hours, or the link will expire.

    • Remove Unverified Accounts: Specify the time frame (in days) for removing unverified user accounts from the system.

      Example: If set to 7 days, unverified accounts will be automatically deleted after one week.

5. Save the changes :

  • After setting up the parameters for Login, Captcha, and Sign-up security, click the Update button to save the changes.
  • A success message will appear: "Security settings updated successfully."

6. Effect in User Portal :

  • Users will encounter CAPTCHA tests during login attempts and password recovery processes (e.g., the Forgot Password page).