Managing Authentication Settings
  • 15 May 2024
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Managing Authentication Settings

  • Dark
    Light
  • PDF

Article summary

Use Authentication settings to manage password settings and to enable two-factor authentication.

MngAuthSettings.png

To open Authentication Settings:

  1. From the top right corner of any page, click image.png. The System Settings page opens.
  2. In the Categories/Subcategories pane of the System Settings page, expand Privacy and Security, and select Authentication.

Password Policy Settings

PasswordPolicySettings

Note:

Password Policy Settings are configured by default for Axonius-hosted (SaaS) customers and cannot be changed.

  • Enforce password complexity (required, default: switched off) - Toggle on to configure and enforce password complexity for new/changed Axonius user accounts' defined passwords.

    If switched on, specify the following parameters:

    • Minimum password length (required, default: 10) - Specify the minimum length for a defined password. The specified value must be equal to or greater than the sum of the remaining fields.
    • Minimum lowercase letters required (optional, default: 1) - Specify the minimum lowercase letters required for an Axonius user account's (new/changed) defined password.
    • Minimum uppercase letters required (optional, default: 1) - Specify the minimum uppercase letters required for an Axonius user account's (new/changed) defined password.
    • Minimum numbers required (optional, default: 1) - Specify the minimum numbers required for an Axonius user account's (new/changed) defined password.
    • Minimum special characters required (optional, default: 0) - Specify the minimum special characters required for an Axonius user account's (new/changed) defined password.
      • Special characters refer to the following list: ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/

If switched on, when a user wants or needs to change their password, the password complexity requirements are displayed. For example, changing user password from the Manage Users page.

image.png

Password Reset Settings

PasswordResetSettings

  • Reset password link expiration (hours) (required, default: 48) - The number of hours that the reset password link remains valid.

Password Brute Force Settings

PasswordBruteForceSettings

Note:

Password Brute Force Settings are configured by default for Axonius-hosted (SaaS) customers and cannot be changed.

  • Enable Brute force protection (required, default: switched on) - Toggle on to enforce a rate limit on user login and on Changing user account password.


    Axonius uses a fixed window with an elastic expiry strategy for rate limiting. This strategy helps circumvent bursts.
    Example - 10/minute rate limit is configured:

    • If the user login is attacked at the rate of 10 hits per minute, the attacker is locked out of the resource for 1 minute after the last hit.
    • If the user login is attacked at the rate of 1 hit per second for 1 minute (total of 60 hits) - after passing the first 10 hits (after 10 seconds), the attacker is locked out of the resource for 1 minute. As the attacker continues with additional attempts, each attempt after the rate limit is exceeded, increases the lockout by the relative impact of a single hit on the defined window size. In the example, each hit increases the lockout by an additional 6 seconds (60 seconds / 10 hits = 6 seconds per hit).

    If switched on, specify the following parameters:

    • Maximum attempts (required, default: 20) - Specify the maximum number of attempts allowed.
      Note:

      Both GET and POST requests are considered attempts.

    • Window size in minutes (required, default: 5) - Specify the number of minutes to define a window size for the attempts allowed.
    • Lock Type (required, default: IP address) - Select IP address or User name.
      Note:

      When a specific user name is locked, Axonius also locks the IP address associated with the session of that user name.

Password Expiration Settings

PasswordExpirationSettings

  • Enable password expiration (required, default: switched off) - Toggle on to enforce password expiration for all users in the system.
  • Password expiration (days) (required, default: 90) - The number of days that a password is valid. Users with expired passwords are required to change their password when logging in.

Two-Factor Authentication Settings

Use two-factor authentication to add a second layer of protection in addition to the standard user password.

TwoFactorAuthentication.png

Notes:
  • After 3 failed attempts, the user will be locked out for 10 minutes.
  • Users must register their email to login with two-factor authentication.

To enable two-factor authentication:

  • Under Two-Factor Authentication, toggle on Require use of email verification code.

When enabled, the user will receive an email to their registered email address with an authentication code to be entered into the Axonius login page.
2FALoginScreen.png



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.