Login Policy Field Descriptions

General Field Descriptions

Field Name Login Policy Field Description
Name The label for the selected Login Policy.
Login Source Defines one or more ways in which users with this Login Policy can log into the application. Options are:
  • Inbound - Enables the user to log in and call the application to retrieve working opportunities, notifications, and messages - this is via Inbound, meaning the user is calling this application. This feature does not deny a user access to the application when an Administrator or similar role chooses to Outbound; for example, during an emergency a message is sent via the Outbound feature to all employees within the organization.The Outbound feature will send the message to all employees regardless of whether the Inbound source is checked. Users can login using their credentials when prompted and contacted by the system.
  • Web - Enables web login.
  • Workstation - Enables client login.
  • InTouch Timeclock Device - The login source required to use Workforce Ready InTouch timeclock devices with this application, without the timeclock will fail authentication. Visibility of field requires an InTouch Clock Integration license.1

Conditions Field Descriptions

Field Name Login Policy Field Description
Password Must Be Unique within _ days If the user changes their password, the application ensures that the password is unique within this time frame. RESTRICTIONS - Minimum (null, 1) Maximum(9999)
 
Note:

This field is typically used in conjunction with Force Change Every __ Days. For example, if the Login Policy forces a new password every 90 days, it can verify that an old password is not re-used within a year's time (the password is unique within 365 days).
Force Password Change Every _ days If users are required to change their passwords periodically, type that value in this field. RESTRICTIONS - Minimum(null, 1) Maximum(9999)
Force password change If default Forces users to change their password upon login when their password matches the default password.
Login Disabled When User Is Inactive After Force password change if default must be checked to enable this setting. Disables login credentials for a user who has not logged into the system after the number of consecutive days indicated in this field have elapsed. Must use a positive whole number greater than zero.
Note:

System administrators must reset the user’s password to the default password in order for the user to log back in and change their password.
Time Allowed for User to Reset Password Force password change if default must be checked to enable this setting. Grants the user this much time to log in using the default password and upon login forced to reset their password. Failure to log in within the time allowed will require the default password to be reset by authorized personnel and restarting the time allowed.
Failed Password Third Attempt Lockout _ minutes Denies the user access to the application for X number of minutes if the password fails to authenticate after three attempts. If this field is blank, then the user is never locked out due to repeated password failure attempts. RESTRICTIONS - Minimum(null, 1) Maximum(9999)
Unique Identifier System internal ID.

Active Directory/LDAP

LDAP or Active Directory must first be configured to enable this feature. The default file location is C:\Program Files\”Application Name”\configuration\security.properties
Field Name Login Policy Field Description
Authenticate User’s Via Domain Grants user access to the application via the web or workstation using their domain login ID and password.
Domain Name The domain name that will be used to authenticate user login IDs and passwords.
Acceptance Defines password parameters. This section sets password parameters for telephone login purposes only, when Authenticate Users via Domain is enabled.
  Format: Alphanumeric Limit: Ten characters

Login ID Password Field Descriptions

Field Name Login Policy Field Description
Default Password The password is set to this value when the application’s administrator or similar role resets a user's password.
Minimum Password Length Defines the minimum number of characters that the application will accept for the password. RESTRICTIONS - Minimum(1) Maximum(40)
Maximum Password Length Defines the maximum number of characters that the application will accept for the password. Format:Integer Minimum(1) Maximum(40)
Maximum Repeated Characters An integer value that represents the maximum number of times a character can repeat in a password. For example, if this value was set to 3:
  • 113322 is valid
  • 11113322 is invalid
  • abbBba is invalid
  • abababa is invalid
  • abababc is valid
Maximum Consecutive Characters An integer value, greater than 0, which represents the maximum number of character a consecutive pattern can run for. A consecutive pattern is defined as characters such as numbers running from 0-9 or any subset increasing value or letters, case insensitive, running from a-z. For example, if this value is set to 3:
  • 01234sometext is invalid
  • my6789password is invalid
  • abCdsometext is invalid
  • myEfgHpassword is invalid
  • 123abcefgi456 is valid
  • xyz123567 is valid
Prohibit Selecting Password that begins with A single character field specifying that a password cannot begin with this character. For example if this value is set to X:
  • x675 is invalid
  • ax8947 is valid
Idle Timeout _ minutes Logs users out of the application after X amount of idle time has elapsed. Honors minutes that cross over midnight. RESTRICTIONS - Minimum(null, 1) Maximum34,560 minutes (24 days).

Phone Policy Descriptions

To enable these settings, go to: Setup > System > System Information > select Unique Phone Login Credentials
Field Name Login Policy Field Description
Default Password The password is set to this value when the application’s administrator or similar role resets a user's password.
Minimum Password Length Defines the minimum number of integers that the application will accept for the password. Integer Minimum(1) Maximum(40)
Maximum Password Length An integer value that defines the maximum number of digits that the application will accept for the password. Integer Minimum(1) Maximum(40)
Maximum Repeated Digits An integer value that defines the maximum number of times a digit can repeat in a password. For example, if this value was set to 3:
  • 113322 is valid
  • 11113322 is invalid
Maximum Consecutive Digits An integer value greater than 0 which represents the maximum number of ascending digits within a pattern. A consecutive pattern is defined as numbers running from 0 to 9 or any subset increasing in value. For example, if this value was set to 3:
  • 01234 is invalid
  • 6789 is invalid
  • 43210 is invalid
  • 9876 is invalid
  • 678 is valid
  • 012 is valid
Prohibit Selecting Password that begins with A digit (0-9) specifying that a password cannot begin with this digit. For example, if this value was set to 0:
  • 0345 is invalid
  • 4056 is valid
  • 030202 is invalid

Disallowed Passwords

The following passwords are not allowed:
  • 1234
  • password
  • telestaff
  • kronos

These passwords are located in the PWD_Disallowed_TBL. System Administrators who have access to the application’s database tables can include additional passwords.

Note:

These password symbols are not supported:


^ ‘ & “

Parent topic: Setup Security
1 A System Administrator must have permission to access the Device Manager in System > Authority Levels to configure Device Manager settings.