Setting the Security Options


The current OU owner and administrators can set the password policies, IP address black and white lists, and session expiration time for users to log in to EnOS.

About This Task

This task shows how to configure the security settings for users, including password strength, IP address black and write lists, and session expiration time.

Before You Start

Ensure that you are the organization owner or administrator. However, it is not recommended to use the organization owner account to perform any operations other than transferring the ownership of the organization owner.

Configuring the Password Policy for This OU

You can implement a set of rules for users’ passwords.

Procedure

  1. Click IAM > Security Setting.

  2. Click Edit.

  3. Configure the fields below as per required.

    • Password Must Include: Select at least one of the options to include Numbers, Uppercase, Lowercase, or Symbols in the password.

    • Password Cannot Include: Check the checkbox to disallow users to include their username, email, mobile number, or service name in their passwords. Uncheck if otherwise.

    • Password Length: Specify the password length, between 8 (default) to 32 characters.

    • Password History Check: Specify the number of previous passwords that cannot be reused, between 1 to 5, with 2 as the default.

    • Password Validitiy Period: Specify the number of days before the password will expire and the user will need to set a new password, between 0 (never expire) to 1095 days, with 180 as the default.


  4. Click Save to complete the configuration of password rules.

Result

The new password rules of this OU will come into effect when a new user registers an account. In scenarios where old password rules are replaced by new rules, existing passwords will continue to remain valid until they expire. Users can set passwords according to the new password rules when they change their passwords.

Note

Do not change the password rules frequently.

Configuring the Login IP Access Control

You may add specific IP or IP segments to an IP blacklist or whitelist.

Procedure

  1. Click IAM > Security Setting, and then click Edit.

  2. Select the method to restrict IP addresses in the Login IP Restrictions:

    • Whitelist: Only users from the IP address or IP segments in the white list can access EnOS Management Console; all users are allowed to access EnOS Management Console by default if the white list is empty

    • Blacklist: Users from the IP address or IP segments in the black list cannot access EnOS Management Console.

  3. Enter the IP addresses or IP segments to be controlled. Use commas (,) to separate different IP addresses. Classless inter-domain routing (CIDR) is supported.

  4. Click Save to have the IP access control take effect immediately.

Result

  • Only users from the IP address or IP segments in the white list can access EnOS Management Console

  • Users from the IP address or IP segments in the black list cannot access EnOS Management Console.

Configuring the Session Expiration Time

Procedure

  1. Click IAM > Security Setting, and then click Edit.

  2. Set the session expiration time in the Session Status field. Valid value ranges from 15 to 1440 minutes.

Result

When a login request exceeds the expiration time, the session will expire and the user needs to log in to EnOS again.