Security Settings
The admin can manage security settings for the users by configuring strong password policy, user locked time, and cookie lifetime settings.
Configure Strong Password Policy
The default password policy on Wyn Enterprise Portal only requires the password length to be between 1-32 characters, and can contain any character. Enabling a strong password policy makes it improbable for someone to intrude into the account of a user.
Navigate to Account > Security Settings.
Select the Yes radio button next to Enable strong password policy.
Click the Save button to save the changes.
The strong password policy has the following traits:
Password complexity: The combination of numbers and uppercase or lowercase letters can make a password more complex. Password should contain at least 1 number, 1 uppercase letter and 1 lowercase letter.
Password length: Lengthy passwords with complex combination of characters are difficult to guess. So, longer passwords with character length between 8 and 32 are recommended.
When the strong password policy is enabled, the admin is prompted to enter a strong password while adding a user by clicking the Add User button in the User interface.
User Locked Time
If a user enters a wrong username or password for 5 times in succession, he gets locked out for a definite period of time. This period is known as the User Locked Time. The default locked time is 60 minutes, but you can change it as required. If you set the locked time to 0, it will disable the locking behavior altogether. It means that the user will not have to wait for a locked time and will be able to attempt login again.
Navigate to Account > Security Settings.
Edit the lock time next to User locked time(minutes).
Click the Save button to save the changes.
Now, if the admin sets the locked period to 10 minutes in the Security Settings, this will be visible on the Wyn Enterprise Portal.
Cookie Lifetime Settings
A user can set the duration of the cookies (in days) to be stored on the device during a session by using Cookie lifetime settings.
There are two options to set the lifetime:
Default lifetime: This sets the default lifetime duration of the cookies if the Remember me checkbox is not selected on the login screen.
Remember me: If the Remember me checkbox is selected while logging in, then the cookies will be stored for the number of days mentioned in the "Remember me" field.
The default values displayed in the fields Default lifetime and Remember me are based on the installation scenarios as follows:
Upgraded Wyn Application
If the Wyn application is upgraded from the 6.0 initial release version or lower, then the Default lifetime value is set to 14 days, and Remember me value is set to 30 days. So, if the user selects the "Remember me" checkbox on the login screen, then the cookies will be stored for 30 days, else cookies will be stored for 14 days.
Fresh Wyn Installation
If there is a fresh installation of the Wyn application version 6.0 MU1 or higher, then the Default lifetime value is set to 0 days, and Remember me value is set to 14 days. So, if the user selects the "Remember me" checkbox on the login screen, then the cookies will be stored for 14 days, else cookies will not be stored, and it will be a session cookie. The session will end when the browser is closed.
Note: Settings are not impacted for other login methods, such as logging in with external OAuth providers.
A user also has an option to change the Cookie lifetime values as per the requirement.
To modify and update the Cookie lifetime settings, perform the following steps:
Under the Cookie lifetime settings (in days) enter the values for the "Default lifetime" and "Remember me" fields, or click the - and + signs to set the desired value.
Click the Save button. The settings will be saved and updated.