Security tab in Space General options Work in progress
Overview
The Security tab is only available for operators with admin rights (admin operator).
This section covers the password management in Space. As well as explaining the main operator password options, it also indicates how to enable the Lightweight Directory Access Protocol (LDAP) for both operators and users. Space is compatible with Service Directories which support the LDAP Protocol. The Enforce password policy is enabled by default when creating a new system.
Password fields for a new database created
The initial password settings can be modified from System > General options > Security.
'Operators' panel in 'Security' tab
Security tab items
| Item | Description |
|---|---|
| Enforce account lockout policy | Number of failed logon attempts that will lockout the account (5 by default). Reset failed logon attempts that will lockout the account in minutes. If the operator tries the password with no success the attempt number will be reset after the period defined (10 minutes by default). Define either the time the account will remain locked out after the number of attempts is exceeded or restrict the release of the account to the system administrator. By default it is set to 30 minutes. |
| Enforce password policy | - Minimum length: 8 characters (16 maximum) - At least one upper case and one lower case - At least one number or one special character: !"#$%&'()*+,-./:;<=>?@[]^_`{ |
| Enforce password expiration | Number of days for the password to expire. Disabled by default. |
| Enforce password history | Number of previous passwords to be remembered by the system so that they cannot be repeated when creating a new password. |
| Enforce 2FA for all operators | When activating this configuration, all operators, including administrator operators, must configure two-factor authentication next time they log in. See Two-factor authentication and Logging in with two-factor authentication enabled for more information. |
LDAP for operators
You can enable the Lightweight Directory Access Protocol (LDAP) for operators from the Security tab in General options.
'LDAP' panel in 'Security' tab - Operators
Once this option is enabled, you need to fill the necessary setup to enable the connectivity with your LDAP.
To complete the configuration of LDAP for operators, also contact your technical support team. They should be able to provide more information on the technical details on your specific IT setup for using LDAP.
The synchronizing of LDAP operators allows the synchronization of operators from an Active Directory using LDAP protocol. There is no need to store operator's credentials (that is, username and password) in Space database for authentication purposes. The credentials are directly saved in the Directory Service.
Once this setup is done you must carry out a synchronization or a scheduled job.
LDAP for users
You can enable the Lightweight Directory Access Protocol (LDAP) for users from the Security tab in General options.
'LDAP' panel in 'Security' tab - Users
Once this option is enabled, you need to fill the necessary setup to enable the connectivity with your LDAP.
To complete the configuration of LDAP for users, also contact your technical support team. They should be able to provide more information on the technical details on your specific IT setup for using LDAP.
The synchronizing of LDAP operators allows the synchronization of operators from an Active Directory using LDAP protocol. These users can be associated with a user access level.
Once this setup is done you must carry out synchronization a scheduled job.