Security Policies

Set the password, session, multi-factor, and access rules that protect your organization.

Security Policies are the rules that protect access to your organization — the password requirements, session controls, multi-factor settings, and network restrictions every user is held to. Setting these well is foundational to a defensible, regulated deployment.

Password policy

You govern passwords with rules for length and complexity, can block passwords containing user information, and can require periodic change. Where your organization authenticates entirely through single sign-on, you can disable password login, removing local passwords as an attack surface.

Multi-factor and lockout

You can require multi-factor authentication and see its status across the organization, and set how many failed attempts are allowed before lockout, so that brute-force attempts are stopped rather than allowed to continue. The portal can also block suspicious login attempts automatically.

Session controls

Sessions are bounded by an idle timeout (inactivity) and an absolute timeout (a maximum regardless of activity), with a limit on maximum concurrent sessions and the option to encrypt session storage. These ensure an unattended or stale session can’t be exploited and that one account isn’t used from many places at once.
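The sketch below shows how the idle timeout, absolute timeout and concurrent-session limit interact for one account. It is an added example, not the product's own code: the class and function names, the timeout values, the sample sessions, and the rule that the least recently active sessions are dropped when over the limit are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SessionPolicy:          # hypothetical names, not the product's settings keys
    idle_timeout: int         # seconds of inactivity allowed
    absolute_timeout: int     # maximum session age in seconds, regardless of activity
    max_concurrent: int       # sessions allowed per account at once

@dataclass(frozen=True)
class Session:
    sid: str
    created_at: int           # epoch seconds when the session was issued
    last_seen: int            # epoch seconds of the most recent request

def evaluate_sessions(policy, sessions, now):
    """Return (active_ids, terminated) for one account's sessions at time `now`.
    `terminated` maps session id -> the rule that ended it."""
    terminated, live = {}, []
    for s in sessions:
        # Absolute timeout is checked first: activity can never extend it.
        if now - s.created_at >= policy.absolute_timeout:
            terminated[s.sid] = "absolute_timeout"
        elif now - s.last_seen >= policy.idle_timeout:
            terminated[s.sid] = "idle_timeout"
        else:
            live.append(s)
    # Assumption: when over the cap, the least recently active sessions are dropped.
    live.sort(key=lambda s: s.last_seen, reverse=True)
    for s in live[policy.max_concurrent:]:
        terminated[s.sid] = "concurrent_limit"
    return [s.sid for s in live[:policy.max_concurrent]], terminated

# Constructed sample policy and sessions (values chosen for illustration only).
POLICY = SessionPolicy(idle_timeout=900, absolute_timeout=28800, max_concurrent=2)
NOW = 100_000
SESSIONS = [
    Session("a", created_at=NOW - 30000, last_seen=NOW - 10),    # busy, but too old
    Session("b", created_at=NOW - 3600, last_seen=NOW - 1200),   # idle for 20 minutes
    Session("c", created_at=NOW - 600, last_seen=NOW - 30),
    Session("d", created_at=NOW - 500, last_seen=NOW - 5),
    Session("e", created_at=NOW - 7000, last_seen=NOW - 300),    # valid, but over the cap
]

if __name__ == "__main__":
    active, terminated = evaluate_sessions(POLICY, SESSIONS, NOW)
    print("active:", active)
    print("terminated:", terminated)
```

Session "a" is the case the absolute timeout exists for: it was used ten seconds ago, yet it still ends because its age exceeds the maximum.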

Network restrictions

Allowed IP ranges let you confine access to known networks, so the platform can only be reached from where your organization expects. Together, these policies, the authentication logs that record their effect, and SSO form your organization’s access security posture.
