Security Settings
Security settings let you enforce authentication and access policies for your organization.
Accessing Security Settings
Navigate to Admin > Security Settings.
Two-Factor Authentication (2FA)
Enable email-based two-factor authentication to add an extra layer of security:
- When enabled, users receive a verification code by email after entering their password.
- You can require 2FA for all users or for specific roles.
When to enable 2FA
Consider enabling 2FA for all administrator accounts at a minimum. If your organization handles sensitive or high-value assets, requiring 2FA for all users provides an additional layer of protection.
Session Duration
Control how long a user can remain signed in before they must re-authenticate:
- Set the session timeout to balance security with convenience. Shorter durations (e.g., 30 minutes) are more secure; longer durations (e.g., 8 hours) are more convenient for users who stay logged in throughout the workday.
- Users who check "Remember Me" at login will stay signed in longer, up to the configured limit.
Password Policy
Enforce minimum password requirements:
- Minimum length (default: 6 characters)
- Require uppercase letters
- Require lowercase letters
- Require numbers
Default Password Requirements
By default, passwords must:
- Be at least 6 characters long
- Contain at least one uppercase letter (A–Z)
- Contain at least one lowercase letter (a–z)
- Contain at least one number (0–9)
Special characters are allowed but not required.
Account Lockout
After 10 failed login attempts, the account is automatically locked for 5 minutes to prevent brute-force attacks.
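The lockout rule above, modeled as an added example (not the product's own code) so administrators can see how a burst of failures plays out and what guessing rate the rule still permits against one account. The class, function names, and sample events are hypothetical. The behaviors marked as assumptions in the comments (a success resets the counter, attempts during a lock are rejected, counting restarts after a lock) are not stated on this page.

```python
from dataclasses import dataclass

MAX_FAILURES = 10       # from the page: lock after 10 failed login attempts
LOCK_SECONDS = 5 * 60   # from the page: lock lasts 5 minutes

@dataclass
class AccountState:
    failures: int = 0          # failed attempts since last success or lock
    locked_until: float = 0.0  # time (seconds) at which the lock expires

class LockoutTracker:
    """Hypothetical model of the lockout rule; not the product's own code."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.accounts = {}

    def attempt(self, user, password_ok, now):
        """Process one login attempt at time `now`; return ok/failed/locked."""
        state = self.accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            return "locked"     # assumption: rejected even if password is right
        if password_ok:
            state.failures = 0  # assumption: a successful login resets the count
            return "ok"
        state.failures += 1
        if state.failures >= self.max_failures:
            state.locked_until = now + self.lock_seconds
            state.failures = 0  # assumption: counting restarts after the lock
        return "failed"

def replay(events):
    """Replay (time, user, password_ok) tuples and return each outcome."""
    tracker = LockoutTracker()
    return [tracker.attempt(user, ok, t) for t, user, ok in events]

def max_guesses_per_day(max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS):
    """Upper bound on password guesses per account per day under this rule."""
    return (86400 // lock_seconds) * max_failures

# Constructed sample: ten failures at t=0..9, then correct passwords.
SAMPLE = [(t, "alice", False) for t in range(10)]
SAMPLE += [(10, "alice", True), (308, "alice", True), (309, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
    print(max_guesses_per_day())
```

The per-day bound is a useful input when deciding whether the default 6-character minimum is long enough for your organization or whether to raise it and require 2FA.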