Configuring account policies

You have the option to configure login criteria, user rights, passwords, and rules in the Account policies dialog. In the toolbar, click on Account policies.

In the Authorization tab, you can select from the following options:

Authorization by access management

Authorization is granted by entering the password that has been set in octoplant.

Authorization via operating system

Authorization is granted by the domain password.

This setting is only available for users that were synchronized using the Active Directory.

Authorization by operating system and access management

Authorization can be done using both methods. The user can log in using the password set in octoplant or the domain password.

There is the option to activate using Single Sign-On (SSO). Check the checkbox located under Additional options.

When the user attempts to log in for the first time, a message will appear stating that the server offers Single Sign-On and will ask if the user wants to use this feature.

Image: Dialog for activating Single Sign-On

In the Password tab, you can specify a time limit for the password, the number of entries in the password history, as well as a random or specific password as the default password for new or reset accounts. You can also specify whether the password must be changed by the user upon first login.
In the Password policy tab, you can set a minimum number of characters as well as the complexity of the password.

If the password you enter does not meet these specifications, a warning will be displayed. You can still, however, change the password as desired.

In the Block account tab, you specify whether accounts are to be blocked and according to which rules.
In the Deleted users tab, you can specify whether user data for the deleted accounts should be anonymized. This means that the full name of the user (not the username), the email address, and phone number, as well as the stored comment from an account, will be deleted from the database. The user name itself can also be deleted via a separate checkbox.
You can anonymize all previously deleted user accounts using the corresponding button.

This step is irreversible.

If you want to allow or disallow users to be able to login locally (without a connection to the server), check or clear the corresponding checkbox in the Miscellaneous tab.

Related topics:
Setting up Single Sign-On (SSO)