Security PolicySection ''Security Policy'' is where you may set further restrictions on the security policy for your contact center. Note that the settings you configure may not be weaker than what is defined by your service provider; if defined, the service provider settings are displayed next to the settings in this section. Any attempts to set a value weaker than the default service provider settings will produce a descriptive error message and is blocked.Your system can be configured for automatic lock out of a user account after a number of unsuccessful login attempts. An account locked-out in this manner can be subsequently unlocked either manually or automatically after a configured timeout.You can also configure the system to force your users to change their passwords after a specified number of days, prevent them from submitting previously used passwords, and automatically disable inactive accounts.Note that your service provider may also impose some password complexity rules, such as minimum password length, mandatory use of various character groups, and exclusion of weak passwords (e.g., usernames). If any such rules are imposed, you cannot change them. You should get descriptions of these rules from your service provider and inform your personnel about them.To configure security policy settings, select the '''Security Policy''' option from the ''Security'' menu.[[File:Securitypolicy.png|800px|thumb|center|Security > Security Policy]]The ''Security Policy'' screen properties are described as follows.Checking this box indicates that the account lockout option is enabled.To comply with the PCI DSS security standard, this option must be enabled.This property specifies the number of consecutive unsuccessful login attempts after which the account will be locked out.To comply with the PCI DSS security standard, set this parameter to at least six attempts.This property specifies the amount of time after which the counter of unsuccessful login attempts will be reset.''Lockout duration'' is the amount of time after which a locked-out account will be unlocked automatically. To disable auto-unlocking, set this parameter to “0” (zero), in which case, locked-out accounts can be [[contact-center-administrator-guide/Users|unlocked manually]] only. To comply with the PCI DSS security standard, set this parameter to at least 30 minutes.This section allows you to define various password complexity requirements; the settings you configure may not be weaker than what is defined by your service provider. Note that passwords can be checked against usernames and your service provider’s list of weak passwords.'''Notes''':* Any modifications of password complexity rules at any level will immediately apply to all new attempts to set or change a password via any method (e.g., self, admin, import, APIs, auto-generation).* Existing users will not be affected by modifications of password complexity rules until they change their passwords.* When setting/changing passwords via user import or API, any attempt to use an invalid password will result in an error message indicating that the password does not comply with the security policy:* The error message will be provided with respect to the specific users whose passwords do not comply.The ''Password history'' section allows you to prevent the user from submitting a new password that is the same as any of the specified number of previous passwords that the user used.To comply with the PCI DSS security standard, select the checkbox for ''Check against previously used passwords''.To comply with the PCI DSS security standard, set the number to 4 (or greater).The ''Expiration policy'' section provides control over how often users will be required to change their passwords and after how many days inactive user accounts will be disabled.This parameter allows you to specify how often users will be required to change their passwords. To comply with the PCI DSS security standard, set this parameter to no more than 90 days.This parameter allows you to specify after how many days inactive user accounts will be disabled. To comply with the PCI DSS security standard, set this parameter to no more than 90 days.This parameter allows you to define the Contact Center Administrator application users that will be exempt from being disabled on inactivity. Note that API users will no longer be disabled due to inactivity (i.e., API usage now counts as account activity).
Note that the settings you configure may not be weaker than what is defined by your service provider; if defined, the service provider settings are displayed next to the settings in this section. Any attempts to set a value weaker than the default service provider settings will produce a descriptive error message and is blocked.
Note that your service provider may also impose some password complexity rules, such as minimum password length, mandatory use of various character groups, and exclusion of weak passwords (e.g., usernames). If any such rules are imposed, you cannot change them. You should get descriptions of these rules from your service provider and inform your personnel about them.
This section allows you to define various password complexity requirements; the settings you configure may not be weaker than what is defined by your service provider. Note that passwords can be checked against usernames and your service provider’s list of weak passwords.
Notes:
Any modifications of password complexity rules at any level will immediately apply to all new attempts to set or change a password via any method (e.g., self, admin, import, APIs, auto-generation).
Existing users will not be affected by modifications of password complexity rules until they change their passwords.
When setting/changing passwords via user import or API, any attempt to use an invalid password will result in an error message indicating that the password does not comply with the security policy:
The error message will be provided with respect to the specific users whose passwords do not comply.
Exceptions, these user accounts will not be disabled on inactivity
This parameter allows you to define the Contact Center Administrator application users that will be exempt from being disabled on inactivity. Note that API users will no longer be disabled due to inactivity (i.e., API usage now counts as account activity).
