To define specific restrictions that will secure the way all users access the system, go to Administration > General Settings > Security:
- Lock Screen defines how long it should take before the lock screen is displayed for inactive users.
- Timeout Session refers to the time that should go before a user is automatically logged out.
- Password Length corresponds to the minimum number of character users' passwords require.The minimum password length is 6 characters, as a best practice we recommend at least 8.
- Automatic Expiry of User Passwords Defines the validity time period of user's passwords, when the time is reached an user will be forced to change passwords. This setting does not apply to API users.
- Lock User After Failed Logins Lets an administrator define when to automatically lock a user after "x" number of failed login attempts, within a specified minute timeframe. Locked users can then be unlocked by an administrator only, from Users section.
- IP Access Restrictions Lets an administrator define a whiltelist of approved IP addresses, devices must use one of the approved IP addresses in order to log in to Mambu. You can use the " * " symbol as a wildcard to customise IP restrictions. For example, you can add 146.52.178.* to allow access from all IP addresses from 18.104.22.168 to 22.214.171.124.
- Critical Actions Re-Authentication Forces the user to enter again the password when changing important settings, modifying users etc, for identity verification.