Policies
Setting up policies allows the administrator to set rules for authentication, roles, subordinates, organizational structure, and passwords.
You can access the policies menu from the System Settings menu.
Authentication policy
The authentication policy contains the settings related to user authentication, that is, the procedure for verifying and confirming a user's identity before granting access to a system or resource. It prevents people who do not have the corresponding access rights from accessing the system.
You can access this setting from the Policies - Authentication menu.
The following settings are available on the policy page:
- (1) - Enable authentication using a one time password;
- (2) - Use as default sign-in form (available with (1) setting enabled) - allows setting the temporary password authorization form as the main one;
- (3) - Allow one time password registration (available with (1) setting enabled) - allows users to register with the generation of a one time password, which they must change after authorization;
- (4) - Hide sign-in form;
- (5) - Display a button for sign-in with login and password (available with (4) setting enabled);
- (6) - Number of login attempts before lockout.
Enable authentication by one time passwords
Allows users to log in using a temporary password that is sent via Telegram, Viber, SMS, etc. (at least one such integration must be configured in the system). The user must change this password after authorization.
With the setting enabled, a one-time password login button will appear on the login page.
Next, enter the phone number to which the message with the one-time password will be sent, and then enter the received password in the appropriate field. If the message has not arrived, you can send it again by clicking the corresponding button.
The locking mechanism for this setting works in the same way as for a regular login/password login.
Hide sign-in form
Allows you to hide the login form if SSO is enabled in the system, so that users can only be authorized in this way. Alternatively, you can enable the option Display a button for sign-in with login and password, so that users can log in that way as well.
Number of login attempts before lockout
This setting defines how many times a user can try to log in with an incorrect password before being blocked. Regardless of the configured number of attempts, the CAPTCHA field appears after two incorrect login attempts. Subsequent attempts depend not only on the correctness of the password, but also on the characters entered in the CAPTCHA field.
If all available attempts are used and the user has not entered the correct password, the user is blocked. The first block lasts 5 minutes. If the user enters the wrong password again after the block, the block is applied for 10 minutes. Each subsequent block is longer: 5, 10, 15, 20, 25 minutes.
Roles policy
Roles policy defines how roles will be assigned to the imported users. There are two ways available:
- By positions mapping;
- By import value.
When "By positions mapping" is selected, the role will be assigned according to the user position.
If the "By import value" setting is selected, then on the integration settings page you can set pairs "group in integrated system - role in LMS". Roles will then be assigned to users during import according to these rules.
You can access the setting from the Policies - Roles menu.
Subordinates policy
Subordinates policy defines how manager-subordinate relationships will be determined. There are two ways available:
- By positions mapping;
- By import value.
In the By positions mapping mode, subordinates are determined according to the orgstructure.
If By import value mode was selected, then subordinates and their managers will be determined according to the imported relationships in the integrated system. More details about the difference in defining managers and import methods are in the article Imported managers.
You can access the setting from the Policies - Subordinates menu.
Orgstructure policy
Allows you to assign users to multiple organizational departments. Available only when the option "Detected subordinates mode: By import value" is enabled.
More details about this setting are described in the article Working with the structure tree.
You can access the setting from the Policies - Orgstructure menu.
Passwords policy
The passwords policy allows you to set all password-related settings for users. The use of complex passwords increases the security of data and system operation, and reduces the possibility of other users logging in to the system and accessing the data of each registered user.
You can go to the settings from the Policies - Passwords menu.
The following settings are available on the Password policy page:
- (1) - Limit maximum password age;
- (2) - Minimum password length;
- (3) - Disable simple password;
- (4) - Change password after first login.
Limit maximum password age
The setting allows you to add a password expiration date. The number of days of password validity can be set in the Maximum password age (days) field.
If a user has used the same password for more days than the value set here, the user will be prompted to change the password after logging in to the portal.
Minimum password length
This setting allows you to set the minimum number of characters for the password. The user will not be able to change the password or register in the system if the password has fewer characters than this minimum.
Disable simple password
The administrator can prohibit the use of simple passwords. When such a ban is enabled, the following requirements apply when entering a new password:
- does not contain the account name;
- contains capital letters of the Latin alphabet;
- contains lowercase letters of the Latin alphabet;
- contains numbers;
- contains special characters: ! @ # $ % ^ & * ( ) _ - + = [ ] { } ?
Change password after first login
Often, when importing users, standard passwords are assigned to everyone. To protect your account, it is a good idea to change the password to a more secure one.
If you enable this option, all new users will be required to change their password during the first login in order to continue their work on the portal. After authorization on the portal, a notification will be displayed to them.
LMS Collaborator constantly monitors all actions related to logging into the system and changing passwords, logins and emails. If potentially dangerous or security-relevant actions occur, they are recorded in the Security log. Entries in the report have one of three importance levels: low, normal, high. Records are added in the following cases:
- The password has been marked as outdated. The user must change it;
- The user has changed his password;
- The administrator has changed the password;
- The user has restored his password;
- User is temporarily blocked automatically.
For the Security log, the Notify about changes by E-mail setting is available, with which the administrator can enable automatic sending of event notifications.
If the setting is enabled, a list of log entries for the last day is sent to the system administrator daily using the Users - Security log Report template, if any.
Also, the number of new entries in the Security log is displayed by a marker in the Reports menu, which also allows the Administrator to quickly respond to potential danger.
Rewrite user passwords from CSV file
Access to the function is opened for the role in which the permission "Update user passwords from a file" is enabled (find more in Roles in the system). Permissions for roles are set up by LMS Collaborator technical support.
The .csv file must contain two columns:
- uid - external user ID
- password - password to be set.
For example:
uid;password
demo01;x5bD37AYm9
demo02;cLk8257CuR
demo03;7bCm56sBK5
demo04;c2jBA4Ki45
demo05;b228x8ZJsG
demo06;Pc7AhX6i59
demo07;v88G9st9FN
After the file is loaded, the passwords of all users in the list are replaced with the new ones, matched by id. If an id from the file does not match any of the ACTIVE users in the system, the row is ignored.
After changing passwords, a message is displayed in a modal window with the number of:
- (1) - Updated users;
- (2) - Ignored users;
- (3) - Not found users (list of not found id).
After updating passwords, a notification is sent to all users using the Users - Your password has been changed template.
Also, the password update event for each user is displayed in the security log with the comment "Administrator changed password".
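A local pre-flight check for the uid;password file, applying the Minimum password length and Disable simple password rules described above before the file is uploaded. This is an added example, not LMS Collaborator code; the function names, the default minimum length of 8, and treating uid as the account name are assumptions.

```python
import csv
import io

SPECIALS = set("!@#$%^&*()_-+=[]{}?")  # special characters listed in the policy

def policy_violations(uid, password, min_length):
    """Return the password-policy rules that this password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than minimum length")
    if uid.lower() in password.lower():  # assumption: uid is the account name
        problems.append("contains the account name")
    if not any("A" <= c <= "Z" for c in password):
        problems.append("no Latin capital letter")
    if not any("a" <= c <= "z" for c in password):
        problems.append("no Latin lowercase letter")
    if not any(c in "0123456789" for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    return problems

def check_password_csv(text, min_length=8):
    """Validate a uid;password file; return {line_number: [problems]} for bad rows."""
    reader = csv.reader(io.StringIO(text), delimiter=";")
    header = next(reader, None)
    if header != ["uid", "password"]:
        raise ValueError("header must be exactly 'uid;password'")
    report, seen = {}, set()
    for line_no, row in enumerate(reader, start=2):
        if not row:
            continue  # blank line
        if len(row) != 2 or not row[0].strip() or not row[1]:
            report[line_no] = ["expected two non-empty columns"]
            continue
        uid, password = row[0].strip(), row[1]
        problems = policy_violations(uid, password, min_length)
        if uid in seen:
            problems.append("duplicate uid")
        seen.add(uid)
        if problems:
            report[line_no] = problems
    return report

# Constructed sample (not real credentials): one valid row, three flagged rows.
SAMPLE = "uid;password\nexample01;Qw7#mzL2!x\nexample02;example02A1!\nexample03;short\nexample01;Zr4$kkP9?t\n"

if __name__ == "__main__":
    print(check_password_csv(SAMPLE))
```

Run against the seven sample rows shown earlier, this check flags every password for having no special character. The page does not state whether the import applies the password policy to the values in the file.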