Security Settings

Security settings control authentication, password policies, access controls, and security monitoring to protect your system and data. This guide explains how to configure each of them.

Overview

Security settings enable you to:

  • Configure authentication
  • Set password policies
  • Enable two-factor auth
  • Manage session security
  • Monitor security events
  • Control IP access

Accessing Security Settings

Navigate to Settings → Security to configure security options.

Understanding Security

Security Layers

| Layer | Protection |
| --- | --- |
| Authentication | Verify identity |
| Authorization | Control access |
| Encryption | Protect data |
| Monitoring | Detect threats |
| Audit | Track activity |

Security Status

| Status | Description |
| --- | --- |
| Secure | All policies met |
| Warning | Minor issues |
| At Risk | Significant gaps |
| Critical | Immediate action needed |

Authentication Settings

Login Options

| Option | Description |
| --- | --- |
| Username/Password | Standard login |
| SSO | Single sign-on |
| Social Login | Google, Microsoft |
| LDAP | Directory auth |

Session Settings

| Setting | Options |
| --- | --- |
| Timeout | 15 min - 24 hours |
| Remember Me | Enable/disable |
| Concurrent Sessions | Limit or unlimited |
| Force Logout | On password change |

How-To Guides

How to Configure Password Policies

Password Requirements

  1. Go to Settings → Security → Passwords
  2. Configure requirements:

     | Setting | Recommended |
     | --- | --- |
     | Minimum Length | 12 characters |
     | Uppercase Required | Yes |
     | Lowercase Required | Yes |
     | Numbers Required | Yes |
     | Special Characters | Yes |
     | No Repeating | 3 max |

  3. Save policy

Password Expiration

Password Expiration Policy

Expiry Period: 90 days
Warning: 14 days before
Grace Period: 7 days
History: Cannot reuse last 12

Exceptions:
- Service accounts: No expiry
- API keys: 365 days
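
The requirements and expiration rules above, expressed as checks. This is an added example, not the product's own code; reading "No Repeating: 3 max" as "at most three identical characters in a row" and treating the grace period as starting on the expiry date are assumptions.

```python
import re
from datetime import date, timedelta

# Values from the tables above; the rule interpretations are assumptions.
MIN_LENGTH = 12
MAX_REPEAT = 3                      # assumed: max identical characters in a row
EXPIRY_DAYS = {"user": 90, "api_key": 365, "service": None}  # None = no expiry
WARN_DAYS, GRACE_DAYS = 14, 7

def password_violations(pw: str) -> list[str]:
    """Return the names of the policy rules a candidate password breaks."""
    rules = [
        (len(pw) >= MIN_LENGTH, "min_length"),
        (re.search(r"[A-Z]", pw), "uppercase"),
        (re.search(r"[a-z]", pw), "lowercase"),
        (re.search(r"\d", pw), "number"),
        (re.search(r"[^A-Za-z0-9]", pw), "special"),
        # (.)\1{3,} matches four or more of the same character in a row
        (not re.search(r"(.)\1{%d,}" % MAX_REPEAT, pw), "repeating"),
    ]
    return [name for ok, name in rules if not ok]

def expiry_state(kind: str, last_changed: date, today: date) -> str:
    """Classify a credential as ok / warning / grace / expired."""
    days = EXPIRY_DAYS[kind]
    if days is None:
        return "ok"                 # service accounts: no expiry
    expires = last_changed + timedelta(days=days)
    if today < expires - timedelta(days=WARN_DAYS):
        return "ok"
    if today < expires:
        return "warning"            # inside the 14-day warning window
    if today < expires + timedelta(days=GRACE_DAYS):
        return "grace"              # past expiry, inside the 7-day grace period
    return "expired"
```

Accounts exempt from expiry never reach the "warning" state, so their credentials need a separate review schedule.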

How to Enable Two-Factor Authentication

2FA Options

| Method | Description |
| --- | --- |
| Authenticator App | TOTP codes |
| SMS | Text messages |
| Email | Email codes |
| Hardware Key | FIDO2/WebAuthn |

Setting Up 2FA

  1. Go to Settings → Security → 2FA
  2. Enable 2FA
  3. Select methods
  4. Configure options:
    • Required for all
    • Required for admins
    • Optional
  5. Save settings

User 2FA Setup

Two-Factor Authentication

Status: Enabled for Admins

Methods Available:
├─ ✓ Authenticator App (Recommended)
├─ ✓ SMS Verification
├─ ✓ Email Verification
└─ ✓ Hardware Security Key

Settings:
├─ Remember device: 30 days
├─ Backup codes: 10 codes
└─ Recovery: Email verification

How to Configure SSO

SAML Setup

  1. Go to Settings → Security → SSO
  2. Select SAML 2.0
  3. Configure:
    • Identity Provider URL
    • Certificate
    • Entity ID
    • ACS URL
  4. Test connection
  5. Enable SSO

SSO Settings

SAML Configuration

Identity Provider: Okta
Entity ID: https://yourcompany.okta.com
SSO URL: https://yourcompany.okta.com/sso
Certificate: [Uploaded]

Service Provider:
Entity ID: https://app.yourcompany.com
ACS URL: https://app.yourcompany.com/auth/saml

Options:
├─ Auto-create users: Yes
├─ Default role: Standard User
└─ Require SSO: No (hybrid mode)

How to Manage Session Security

Session Configuration

  1. Go to Settings → Security → Sessions
  2. Configure:

     | Setting | Value |
     | --- | --- |
     | Idle Timeout | 30 minutes |
     | Max Duration | 8 hours |
     | Concurrent Sessions | 3 |
     | Terminate on Password Change | Yes |

  3. Save settings

Active Sessions

View and manage:

  • All active sessions
  • Device information
  • Location data
  • Terminate remotely

How to Set IP Restrictions

IP Allowlist

Restrict access by IP:

  1. Go to Settings → Security → IP Access
  2. Enable IP restrictions
  3. Add allowed IPs:
    • Single IP: 192.168.1.100
    • Range: 192.168.1.0/24
    • Named list: Office IPs
  4. Configure exceptions
  5. Save settings

IP Settings

IP Access Control

Mode: Allowlist Only

Allowed IPs:
├─ 203.0.113.0/24 - Office Network
├─ 198.51.100.50 - VPN Exit
└─ 10.0.0.0/8 - Internal Network

Exceptions:
├─ Admin users: Can access from any IP
└─ API access: Separate IP list

Blocked Attempts:
- Last 24h: 47 attempts blocked
- Alert threshold: 10 attempts

How to Configure Login Security

Lockout Policy

  1. Go to Settings → Security → Login
  2. Configure lockout:

     | Setting | Value |
     | --- | --- |
     | Failed Attempts | 5 |
     | Lockout Duration | 30 minutes |
     | Reset After | 15 minutes |
     | Notify Admin | Yes |
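
The lockout values above as a small state machine, replayed over constructed login events. This is an added example, not the product's own code; it assumes "Reset After" means the failure counter clears once 15 minutes pass without a failed attempt.

```python
from dataclasses import dataclass

# Values from the lockout table above, converted to seconds.
MAX_FAILS = 5
LOCKOUT_SECS = 30 * 60
RESET_SECS = 15 * 60      # assumed: counter clears after 15 quiet minutes

@dataclass
class Account:
    fails: int = 0
    last_fail: float = 0.0
    locked_until: float = 0.0

def attempt(acct: Account, now: float, password_ok: bool) -> str:
    """Apply one login attempt at time `now` (seconds) and return the outcome."""
    if now < acct.locked_until:
        return "locked"               # even a correct password is refused
    if acct.fails and now - acct.last_fail > RESET_SECS:
        acct.fails = 0                # stale failures no longer count
    if password_ok:
        acct.fails = 0
        return "ok"
    acct.fails += 1
    acct.last_fail = now
    if acct.fails >= MAX_FAILS:
        acct.locked_until = now + LOCKOUT_SECS
        acct.fails = 0
        return "lockout"              # the point where "Notify Admin" fires
    return "failed"

def replay(events):
    """Run (time, password_ok) events against a fresh account."""
    acct = Account()
    return [attempt(acct, t, ok) for t, ok in events]

# Constructed sample: five bad passwords a minute apart, then the right one
# during the lockout and again when the lockout ends.
BURST = [(0, False), (60, False), (120, False), (180, False), (240, False),
         (300, True), (240 + LOCKOUT_SECS, True)]
```

Because the counter resets after a quiet period, the per-account lockout is best paired with the failed-login alerts described under security monitoring.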

CAPTCHA Settings

Enable CAPTCHA:

  • After failed attempts
  • For registration
  • For password reset
  • Always on login

How to Monitor Security Events

Security Dashboard

View:

  • Failed logins
  • Locked accounts
  • Suspicious activity
  • Security alerts

Security Events

Security Events - Last 24 Hours

Failed Logins: 23
├─ Invalid password: 18
├─ Unknown user: 3
└─ Locked account: 2

Account Lockouts: 2
Password Resets: 5
2FA Failures: 1

Alerts:
⚠ Multiple failed logins from 203.0.113.50
⚠ New device login for [email protected]

Alert Configuration

Set alerts for:

  • Multiple failed logins
  • Account lockouts
  • Unusual access times
  • New device logins
  • Permission changes

How to Configure Encryption

Data Encryption

| Type | Protection |
| --- | --- |
| At Rest | Database encryption |
| In Transit | TLS/SSL |
| Field Level | Sensitive fields |
| Backup | Encrypted backups |

Encryption Settings

  1. Go to Settings → Security → Encryption
  2. Configure:
    • SSL/TLS version
    • Cipher suites
    • Certificate management
  3. Enable field encryption for:
    • Credit cards
    • SSN/Tax IDs
    • Passwords

How to Audit Security

Audit Log

Track:

  • Login/logout
  • Permission changes
  • Data access
  • Setting modifications

Audit Report

Security Audit Report - January 2026

Authentication:
├─ Total logins: 2,456
├─ Failed attempts: 89 (3.6%)
├─ 2FA usage: 78%
└─ SSO logins: 45%

Access Control:
├─ Permission changes: 12
├─ Role modifications: 3
└─ New users: 8

Security Events:
├─ Lockouts: 7
├─ Password resets: 34
└─ Suspicious activity: 2

Advanced Features

Risk-Based Authentication

Adaptive security:

  • Device recognition
  • Location analysis
  • Behavior patterns
  • Risk scoring

Privileged Access Management

Admin security:

  • Just-in-time access
  • Approval workflows
  • Session recording
  • Time-limited elevation

Security Compliance

Meet standards:

  • SOC 2
  • GDPR
  • HIPAA
  • PCI DSS

Threat Detection

Active monitoring:

  • Anomaly detection
  • Threat intelligence
  • Automated response
  • Incident management

Best Practices

🔐 Authentication

  • Strong passwords
  • Enable 2FA
  • Use SSO when possible
  • Regular review

🛡️ Access Control

  • Least privilege
  • Regular audits
  • Prompt revocation
  • Clear policies

📊 Monitoring

  • Enable logging
  • Review regularly
  • Set alerts
  • Investigate anomalies

📋 Compliance

  • Document policies
  • Regular assessments
  • Training programs
  • Incident response

Configuration

Authentication Settings

Navigate to Settings → Security → Authentication:

  • Methods - Login options
  • Password - Password policy
  • 2FA - Multi-factor
  • SSO - External auth

Access Settings

  • Sessions - Session management
  • IP - IP restrictions
  • Devices - Device control
  • API - API security

Monitoring Settings

  • Logs - Audit configuration
  • Alerts - Alert rules
  • Reports - Security reports
  • Dashboard - Monitoring view

Troubleshooting

Common Issues

Account locked out

  • Wait for lockout period
  • Admin unlock
  • Check IP not blocked
  • Verify credentials

2FA not working

  • Check time sync
  • Verify setup complete
  • Use backup codes
  • Contact admin

SSO failing

  • Check IdP status
  • Verify certificates
  • Review configuration
  • Check user mapping

Cannot access from IP

  • Verify IP correct
  • Check allowlist
  • Review VPN config
  • Contact admin

Next Steps

Learn about Integrations to connect external services and APIs.

Angage ERP Documentation