Skip to content

Configuring account policies

Configure the login criteria, user rights, passwords and rules individually for a user in the Account policies dialog. You can access the dialog by clicking on the Account policies button in the menu bar.

Figure: Account policies dialog

  • In the Authorization tab, you can choose between the following options:

    • Authorization by access management
      Authorization is carried out via the password entered in octoplant.
    • Authorization via operating system
      Authorization is carried out via the domain password.

    Info

    This setting only works for users who have been synchronized via the Active Directory.

    • Authorization by operating system and access management Authorization can be carried out via both authorization methods. The user can either log in with the password entered in octoplant or with the domain password. To enable authentication with Single Sign-On (SSO), use the checkbox at Additional options.

    Info

    At the first login of the user on the server, a message appears that the server offers Single Sign-On and asks if the user wants to use this feature.

Figure: Activate Single Sign-On dialog for this server

  • In the Password tab, you can specify a time limit for the password, the number of entries in the password history and a random or specific password as the default password for new or reset accounts. You can also specify here whether the password must be changed by the user on first login.
  • In the Password policy Tab, specify the minimum number of characters and the complexity of the passwords.

Info

If the password entered by you as administrator does not meet the defined requirements, a warning Icon Warning is displayed. You can still change the password as desired.

  • In the Block account tab, you specify whether and according to which rules accounts should be locked.
  • In the Deleted users tab, you can specify whether user data of the deleted accounts should be anonymized. This means that the full name of the user (not the username), the email and telephone number as well as the stored comment of an account are deleted from the database. The user name itself can also be deleted via a separate checkbox. You can use the corresponding button to anonymize all previously deleted user accounts.

Info

This process cannot be undone.

  • If you want to allow/disallow the local login of the user (without connection to the server), activate/deactivate the corresponding checkbox in the Miscellaneous tab.