Sign On Policies are global policies that allow you to manage the login security of your HelloID environment. You may configure settings such as how many invalid login attempts will lock out a user, or how long a session lasts before a user must log in again.
To configure your organization's HelloID Sign On Policies, navigate to Security > Policies > Sign on policies.
The following settings are available for configuration:
- Lock user after number of invalid password entries
Enable or disable the option to lock user accounts after entering a number of invalid password entries. This helps prevent brute-force attacks against accounts in your environment.
- Lock user after invalid password count
Specify how many invalid entries a user can make prior to being locked out.
- Unlock user after specified amount of time
Enable or disable the option to unlock a user account after a specified amount of time. If you disable this option, an administrator must manually unlock an account if it has been locked out.
- Lock time
Specify the lock time in minutes. This is only applicable if you enable Unlock user after specified amount of time.
- Change password after specified amount of time
Enable or disable the option to force users to change their password after a specified amount of time.
- Change password time (days)
Specify the number of days, after which, a user must reset their password. This is only applicable if you enable Change password after specified amount of time.
- User session timeout (minutes)
Specify after how many minutes a user's logon session will expire. After expiring, the user will need to log back into your HelloID portal.
- Fixed timeout instead of sliding
Normally, HelloID automatically times out users based upon a set duration after the user's last click (monitored by cookies). By enabling this option, HelloID's automatic timeout will occur at a fixed interval (set in the User Session Timeout field) after the user's first action in the portal. For example—with a 30 minute session timeout—if a user logs in at 3:00pm, they will automatically be logged out at 3:30pm.
- Always show login selector page
Enable or disable the selector page on the login screen.
- Enable QR-login
Enable or disable the option to login with QR codes. Learn more about QR codes here.
- QR-login allowed IP addresses
Specify the IP addresses from where users are allowed to log in with QR codes.
- Show QR-login on login selector page
Show the QR-login option on the selector page.