User Account Policy
User Account Policy settings allow Administrators to help ensure account security, protect user information, and prevent unauthorized access to the application using a variety of security settings.
Password policy settings help ensure account security by compelling users to set a unique password composed of upper and lowercase letters, numbers, and symbols. Passwords must be a minimum of eight characters, but other requirements, such as numbers, symbols, and uppercase letters, are optional and can be toggled on and off.
The Password Expiry toggle compels the user to set a new password after a specified time. Toggling this option to On will open a field to set the number of days before a password reset is required. This feature is toggled to Off by default.
The Account Suspension option prevents a user from logging in if they have been inactive for a set number of days. Like the Password Expiry toggle, this option must be toggled On to allow the Administrator to set the required number of days, and is toggled Off by default.
The Idle Session Timeout feature automatically logs users off after a set period of time. Administrators should be aware that enabling this feature results in a brief timeout for drivers using the application that may result in non-compliant ELD operation.
Note: Idle Session Timeout and Account Suspension are currently in Feature Preview and not enabled by default. To enable these features, turn on Feature Preview under the UI Settings tab by navigating to Administration > Users from the main menu. From the User Edit page, toggle Feature Preview to On and click Save.
The Previous Password Reuse feature determines whether a user can reuse an old password when updating their password. The default state for this toggle is Yes, which allows for reuse.
The User Lockout feature allows the Administrator to limit users to a certain number of password attempts before they are locked out of the application for a specified time. Failed login attempts are automatically set to 3, with a lockout time of 30 minutes.
User Authentication Types defines the types of authentication accepted by the application. Administrators can choose to allow basic authentication logins, or SAML logins, or both.
We recommend that users utilize SAML 2.0 to manage their accounts. SAML enables single sign-on (SSO) in which users log in to the Telematics Provider platform once, then reuse the same credentials to log into the Fleet Management Application. This ensures that user account password strength and multi-factor authentication (MFA) requirements are enforced by the Identity Provider (IdP).
Users that do not use SAML 2.0 should use strong password policies. You can set password policies by navigating to Administration > System > System Settings > User Account Policy.
We recommend the following User Account Policy settings:
- Minimum password length: 8
- Require an upper case letter, A-Z: On
- Require a lower case letter, a-z: On
- Require a number, 0-9: On
- Require a symbol, like $ or @: On
- Require that password is not a part of username: On
- Enable password expiry timer: On
- Reset password after: 90 days
- Allow password reuse: No
- Enable user lockout: On
- Failed login attempts: 5
- Authentication period: 10 minutes
- Lockout time: 30 minutes