Unique Security Administrator

Default = Off

This setting is no longer used. It is greyed out and set to off, meaning that permission to access ad change security settings can also be assigned to other service user accounts through their rights groups memberships.

Name

Default = 'security'. Range = 6 to 31 characters.

The name for the security administrator.

Change Password

Range = 9 to 31 characters.

The password for the security administrator. In order to change the security administrator password, the current password must be known. The user's original password is set during the initial configuration of the system.

Minimum Password Complexity

Default = Medium.

The password complexity requirements. The options are:

• Low - Any password characters may be used without constraint. Password must not contain your user name.

• Medium - The password must include characters from at least 2 of the character sets listed below. For example a mix of lower case and upper case. In addition, 3 or more consecutive identical characters of any type is not allowed.

  • Lower case alphabetic characters.

  • Upper case alphabetical character.

  • Numeric characters.

  • Non-alphanumeric characters, for example # or *.

• High - As per medium but requiring characters from at least of the 3 character sets above.

Previous Password Limit (Entries)

Default = 24. Range = 0 (Off) to 24 records.

The number of previous password to check for duplicates against when changing the password. When set to 0, no checking of previous passwords takes place. This setting is active for attempted password changes on both Security Manager and the system.

Block Default IP Phone Passcodes

Default = On

If selected, existing IP phone registrations with default passcodes are not allowed in the system. Administrators must type in passwords for registering the existing phones. If not checked, existing IP phone registrations with default passcodes are allowed for registration with the system. Allowing existing phones to register with default passcodes pose a security risk as outsiders can access the system using those passcodes.

Minimum Name Length

Default = 6, Range 1 to 31 characters.

This field sets the minimum name length for service user names.

Minimum Password Length

Default = 9, Range 1 to 31 characters.

This field sets the minimum password length for service user passwords.

Password Reject Limits (Attempts)

Default = 3, Range 0 (Off) to 255.

Sets how many times an invalid name or password is allowed within a 10 minute period before the Password Reject Action is performed.

Password Reject Action

Default = Log and Temporary Disable.

The action performed when a user reaches the Password Reject Limit. The options are:

• No Action

• Log to Audit Trail - Creates a record in the system's audit trail indicating the service user account name and time of last failure.

• Log and Disable - Create an audit trail record and disables the service user account. The account can only be re-enabled through the service user settings.

• Log and Temporary Disable - Create an audit trail record and temporarily disables the service user account for 60 seconds.

Minimum Password Complexity

Default = Medium.

The password complexity requirements. The options are:

• Low - Any password characters may be used without constraint. Password must not contain your user name.

• Medium - The password must include characters from at least 2 of the character sets listed below. For example a mix of lower case and upper case. In addition, 3 or more consecutive identical characters of any type is not allowed.

  • Lower case alphabetic characters.

  • Upper case alphabetical character.

  • Numeric characters.

  • Non-alphanumeric characters, for example # or *.

• High - As per medium but requiring characters from at least of the 3 character sets above.

Previous Password Limit (Entries)

Default = 24. Range = 0 (Off) to 24 records.

The number of previous password to check for duplicates against when changing the password.

Account Password Change Period (days)

Default = 0 (Off). Range 0 to 999 days.

Sets how many days a password is valid following a password change. Note that the user must be a member of a rights group that has the option Write own service user password enabled.

• Whenever this setting is changed, the system recalculates all existing service user password timers.

• If this timer expires, the service user account is disabled. The account can only be re-enabled through the service user settings.

• To prompt the user a number of days before the account is locked, set a Expiry Reminder Time (days) (see below).

Account Idle Time (days)

Default = 0 (Off). Range 0 to 999 days.

Sets how many days a service user account can be inactive before it becomes disabled. The idle timer is reset whenever a service user successfully logs in.

• If this timer expires, the service user account is disabled. The account can only be re-enabled through the service user settings.

• Whenever this setting is changed and the OK button is clicked, the system recalculates all existing service user idle timers.

Expiry Reminder Time (days)

Default = 10. Range 0 (Off) to 999 days.

Sets the period before password or account expiry during which a reminder indication is shown when the service user logs in. Reminders are sent, for password expiry due to the Account Password Change Period (days) (above) or due to the individual service user's Account Expiry date – whichever is the sooner. Currently Manager displays reminders but System Status does not.

Password Enforcement

Default = On.

When enabled, password settings are enforced. When disabled, password requirements are not enforced and the remaining settings are not editable

Minimum Password Length

Default = 9, Range 1 to 31 characters.

This field sets the minimum password length for user passwords

Minimum Password Complexity

Default = Medium.

The password complexity requirements. The options are:

• Low - Any password characters may be used without constraint. Password must not contain your user name.

• Medium - The password must include characters from at least 2 of the character sets listed below. For example a mix of lower case and upper case. In addition, 3 or more consecutive identical characters of any type is not allowed.

  • Lower case alphabetic characters.

  • Upper case alphabetical character.

  • Numeric characters.

  • Non-alphanumeric characters, for example # or *.

• High - As per medium but requiring characters from at least of the 3 character sets above.

Password Reject Limits (Attempts)

Default = 5, Range 0 (Off) to 255 failures.

Sets how many times an invalid name or password is allowed within a 10 minute period before the Password Reject Action is performed.

Password Reject Action

Default = Log and Temporary Disable.

The action performed when a user reaches the Password Reject Limits (Attempts). The options are:

• No Action

• Log to Audit Trail - Creates a record indicating the user account name and time of last failure.

• Log and Disable - Creates an audit trail record and additionally permanently disables the user account. The account can be enabled using the Account Status field on the User > User page.

• Log and Temporary Disable - Creates an audit trail record and additionally temporarily disables the user account for 60 seconds.