Security tab in Space General options
Overview
The Security tab is only available for operators with admin rights (admin operator).
This section covers the password management in Space. As well as explaining the main operator password options, it also indicates how to enable the Lightweight Directory Access Protocol (LDAP) for both operators and users. Space is compatible with Service Directories which support the LDAP Protocol. The Enforce password policy is enabled by default when creating a new system.
Password fields for a new database created
The initial password settings can be modified from System > General options > Security.
'Operators' panel in 'Security' tab
Security tab items
| Item | Description |
|---|---|
| Enforce account lockout policy | Number of failed logon attempts that will lockout the account (5 by default). Reset failed logon attempts that will lockout the account in minutes. If the operator tries the password with no success the attempt number will be reset after the period defined (10 minutes by default). Define either the time the account will remain locked out after the number of attempts is exceeded or restrict the release of the account to the system administrator. By default it is set to 30 minutes. |
| Password minimum length | Sets the minimum number of characters required for passwords (range: 1-128 characters). Default is 12 characters for new databases. Maximum password length is 128 characters. Passwords are also checked against a list of common/breached passwords that are not permitted. |
| Enforce password character requirements | When enabled, requires passwords to contain: - At least one upper case and one lower case letter - At least one number or one special character: !"#$%&'()*+,-./:;<=>?@[]^_`{|}~ This setting is disabled by default for new databases to allow any combination of characters. |
| Enforce password expiration | Number of days for the password to expire. Disabled by default. |
| Enforce password history | Number of previous passwords to be remembered by the system so that they cannot be repeated when creating a new password. |
| Enforce 2FA for all operators | When activating this configuration, all operators, including administrator operators, must configure two-factor authentication next time they log in. See Two-factor authentication and Logging in with two-factor authentication enabled for more information. |
Password policy migration: When upgrading Space from previous versions, existing passwords remain valid until changed. The new password requirements only apply when users change their passwords after the upgrade.
For databases upgraded from previous versions:
If Enforce password policy was enabled: Password minimum length is set to 8 characters and Enforce password character requirements is enabled
If Enforce password policy was disabled: Password minimum length is set to 1 character and Enforce password character requirements is disabled
Password visibility features
Space includes password visibility options to improve usability:
- Login screen: The password visibility icon allows users to temporarily show/hide their password while typing
- Password change screens: Users can view both current and new passwords while entering them
These features help users ensure they're entering passwords correctly while maintaining security.
The password visibility icon allows users to temporarily show/hide their password
LDAP for operators
You can enable the Lightweight Directory Access Protocol (LDAP) for operators from the Security tab in General options.
'LDAP' panel in 'Security' tab - Operators
Once this option is enabled, you need to fill the necessary setup to enable the connectivity with your LDAP.
To complete the configuration of LDAP for operators, also contact your technical support team. They should be able to provide more information on the technical details on your specific IT setup for using LDAP.
The synchronizing of LDAP operators allows the synchronization of operators from an Active Directory using LDAP protocol. There is no need to store operator's credentials (that is, username and password) in Space database for authentication purposes. The credentials are directly saved in the Directory Service.
Once this setup is done you must carry out a synchronization or a scheduled job.
LDAP for users
You can enable the Lightweight Directory Access Protocol (LDAP) for users from the Security tab in General options.
'LDAP' panel in 'Security' tab - Users
Once this option is enabled, you need to fill the necessary setup to enable the connectivity with your LDAP.
To complete the configuration of LDAP for users, also contact your technical support team. They should be able to provide more information on the technical details on your specific IT setup for using LDAP.
The synchronizing of LDAP operators allows the synchronization of operators from an Active Directory using LDAP protocol. These users can be associated with a user access level.
Once this setup is done you must carry out synchronization a scheduled job.
Proxy configuration
You can enable and configure a Proxy client from the Proxy configuration panel in the Security tab within General options.
You can enable and configure a Proxy client from the 'Security' tab
Select Proxy client enabled and then, fill the host and the port fields.
The Authentication required checkbox will be helpful in the cases where authentication is required. When selected, the following fields are activated:
- Username: the username you want to configure to authenticate.
- Manager password: the password you want to configure for this username option.
- Confirm password: enter the password again.
If you need further assistance in the Proxy configuration process, contact your technical support team.
Back
Devices
Access points