Setting the Security Options


The current OU owner and administrators can set the password policies, IP address black and white lists, and session expiration time for users to log in to the EnOS.

About This Task

This task shows how to configure the security settings for users, including password strength, IP address black and write lists, and session expiration time.

Before You Start

Ensure that you are the organization owner or administrator. However, it is not recommended to use the organization owner account to perform any operations other than transferring the ownership of the organization owner.

Configuring the Password Policies for This OU

You can implement the password strength requirements by configuring the password policies.

Procedure

  1. Click IAM > Security Setting.

  2. Click Edit to set the password policies for the OU. After you are done, click Save to complete the configuration of password policies. EnOS supports the following password policies:

Password Strength

Requirements

Medium (default)

  • Password length requirements: 8 digits

  • At least one uppercase English letter

  • At least one lowercase English letter

  • At least one number

  • Password expiration (days) enabled: the password remains valid for 180 days (inclusive)

  • Password reuse disabled: the latest 2 passwords are logged for repetition check

Strong

  • Password length requirements: 12 digits;

  • At least one uppercase English letter

  • At least one lowercase English letter

  • At least one number

  • Password expiration (days) enabled: the password remains valid for 90 days (inclusive)

  • Password reuse disabled: the latest 3 passwords are logged for repetition check

Very Strong

  • Password length requirements: 16 digits;

  • At least one uppercase English letter

  • At least one lowercase English letter

  • At least one number

  • At least one special character (including !@#¥%&*()[]{}-_=|)

  • Password expiration (days) enabled: the password remains valid for 60 days (inclusive)

  • Password reuse disabled: the latest 5 passwords are logged for repetition check

Result

The new password policies of this OU will come into effect when a new user registers an account. In scenarios where old password policies are replaced by new policies, the following results may occur for the users under the the old password policies once the old policies are replaced:

  • Password strength upgrade: After stronger policies are saved, EnOS checks the password expiration dates for users under the current OU upon the next login. For the users whose passwords would expire in 3 days, an SMS or email will be sent to ask them to modify their passwords according to the new password policies. In this case, the validity period of the new passwords starts from the time when the users reset their passwords.

  • Password strength downgrade: After weaker policies are saved, existing passwords would continue to remain valid until they expire. Users can set passwords according to the new password strength when they change their passwords.

Note

Do not change the password policies frequently.

Configuring the Login IP Access Control

You may add specific IP or IP segments to an IP blacklist or whitelist.

Procedure

  1. Click IAM > Security Setting, and then click Edit.

  2. Select the method to restrict IP addresses in the Login IP Restrictions:

    • Whitelist: Only users from the IP address or IP segments in the white list can access the EnOS Management Console; all users are allowed to access the EnOS Management Console by default if the white list is empty

    • Blacklist: Users from the IP address or IP segments in the black list cannot access the EnOS Management Console.

  3. Enter the IP addresses or IP segments to be controlled. Use commas (,) to separate different IP addresses. Classless inter-domain routing (CIDR) is supported.

  4. Click Save to have the IP access control take effect immediately.

Result

  • Only users from the IP address or IP segments in the white list can access the EnOS Management Console

  • Users from the IP address or IP segments in the black list cannot access the EnOS Management Console.

Configuring the Session Expiration Time

Procedure

  1. Click IAM > Security Setting, and then click Edit.

  2. Set the session expiration time in the Session Status field. Valid value ranges from 15 to 1440 minutes.

Result

When a login request exceeds the expiration time, the session will expire and the user needs to log in to EnOS again.