Configuring account access policies for an Analyzer

In a Real User Analyzer, a Security user can configure security features for account policies.

To configure the following security features for account policies, point to Administration > Security settings and click Account policies:

  • Password change upon first logon — When this feature is enabled, the system forces new users to change their password upon first logon.
  • Strict password policy — When strict passwords are enabled, users are forced to change simple passwords upon logon.
  • Password expiration period — When a password expiration period is enabled, a Security user can specify the number of days that a password is valid (the default value is 30). When this feature is disabled, passwords never expire. To configure this feature, click Edit on the Action menu, and enter a value (in days).
  • LDAP authentication and authorization — The Security user can enable or disable either or both LDAP functions. For further information, see Using LDAP authentication and authorization for the Analyzer or Collector.
  • Account lockout — When account lockout is enabled, an account locks after the specified number of unsuccessful attempts to log on and unlocks after a specified period. The default lockout value is 5, and the default unlock value is 24 hours. To configure the default period (30 days), click Edit on the Action menu.
  • Account inactivity - After 30 days of inactivity, automatically inactivate the Operator, Administrator, or Observer local account.
  • Entitlement groups — Entitlement groups give groups of users access to data from some Watchpoints but not others. When enabled, Observers who are associated with a particular Entitlement group only have access to data from Watchpoints also associated with that Entitlement group.
  • Concurrent logons — When enabled, multiple simultaneous logons under the same account are permitted. When disabled, only the most recent logon works.

    Note

    Concurrent login settings only apply to interactive sessions (where users are logged on to the web interface). You can still have multiple simultaneous API calls (such as data export and configuration APIs) using the same account credentials.

  • Prevent automatic login — When enabled, browser software will not persist usernames and password (auto-completion is not permitted on the login page).

Related topics

Configuring account access policies for a Collector

Was this page helpful? Yes No Submitting... Thank you

Comments