New and Improved Features
...
- PMP-76028 User Login Activity Tracker
- PMP-75356 App widget with options "Modify", "List" and "New"
Configurable
- PMP-76031 Application Level Strong Password Policy for Non-SSO Login
Configurable: Yes
- Title: Reset Account Lockout Counter
- Public/Private: Private
- Default: 1440 (Minutes)
- Title: Account Lockout Duration
- Public/Private: Private
- Default: 0 (Minutes)
- Title: Enforce Password History
- Public/Private: Private
- Default: 5 for existing customers and 24 for baseline.
Existing System:
- No configuration to set the account lockout counter time
- No configuration to set the account lockout option and duration
- No configuration to manage the number of previous passwords validated while creating a new password.
...
- Track the user's invalid-credential login attempt count within the Reset Account Lockout Counter time, from both web and mobile. Currently there is no time window for tracking the invalid count: once the browser is refreshed on the web login screen, the counter is set to zero. This may lead to a security issue, as the invalid login counts are not being tracked in the backend.
- The new configuration's default value is set to 1440 minutes (24 hours). Any invalid login attempts from the web or mobile will be tracked for the user within 24 hours, and a reset password email will be sent or the account will be locked out, based on the configuration.
- If the user remembers the correct credentials and logs in to the application within the configured time (24 hours), the invalid login attempt count will reset to zero.
- Customers can change the configuration time to track the invalid login attempts as per their security policy.
Account Lockout Duration Configuration
- With this configuration, the user account will be locked out for a certain time period based on the invalid login attempts.
- The user's account will be automatically unlocked after the lockout time.
- In an emergency, a user's account can be unlocked from the backend only. This is not a recommended option, as it will breach security.
- Even if the user tries to log in to the application with valid credentials, the login will not be allowed. The following message will be displayed: "Your account is currently locked out due to invalid login attempts, you may try again after "Time & Date". Please don't contact Technical Support, you must wait to try again"
e.g.
The Account Lockout Duration configuration is set to 30 minutes and the Account Lockout Threshold configuration value is 5, which means that after five invalid login attempts from web or mobile the user's account will be locked out for 30 minutes. Users can only log in to the application after 30 minutes of lockout time.
Note: If multiple customers ask for a feature to reset the account lockout from the administration screen, the feature will be added to the product in future versions.
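The following sketch shows how the three settings interact when failed logins are counted on the server rather than in the browser. It is an added example, not the product's code: the class and field names are hypothetical, the counter is assumed to be a sliding window, and a duration of 0 is assumed to mean that no lockout is applied.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

@dataclass
class LockoutPolicy:                    # hypothetical names, values from the notes
    threshold: int = 5                  # Account Lockout Threshold
    reset_counter_minutes: int = 1440   # Reset Account Lockout Counter
    lockout_minutes: int = 30           # Account Lockout Duration (0 = none, assumed)

@dataclass
class AccountState:
    failures: List[datetime] = field(default_factory=list)
    locked_until: Optional[datetime] = None

class LoginTracker:
    """Server-side state: a browser refresh cannot reset the count."""
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}

    def attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        """Record one login attempt; return 'ok', 'invalid' or 'locked'."""
        st = self.accounts.setdefault(user, AccountState())
        if st.locked_until is not None:
            if now < st.locked_until:
                return "locked"         # valid credentials are refused too
            st.locked_until = None      # automatic unlock after the duration
            st.failures.clear()
        if password_ok:
            st.failures.clear()         # successful login resets the counter
            return "ok"
        # Keep only failures inside the reset-counter window, then add this one.
        window = timedelta(minutes=self.policy.reset_counter_minutes)
        st.failures = [t for t in st.failures if now - t < window]
        st.failures.append(now)
        if len(st.failures) >= self.policy.threshold and self.policy.lockout_minutes > 0:
            st.locked_until = now + timedelta(minutes=self.policy.lockout_minutes)
            return "locked"
        return "invalid"
```
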
Enforce Password History Configuration
- Configuration to manage password history validation while creating a new password.
- This is currently hardcoded to validate against the last five passwords; with this change, the validation will be managed by a configuration.
- Customers can set the number of previous passwords to validate against as per their security policy.
- The configuration value will be five for existing customers and the baseline value will be 24. So existing customers will not be allowed to reuse any of their last five passwords while creating a new password.
Impacts: No Impacts
Configurable: No
- Title: NA
- Public/Private: NA
- Default: NA
Existing System:
- No feature to track unsuccessful login attempts.
- No option to view successful and unsuccessful login attempts for the location administrator
- No option to view users who have not accessed the application for more than 60 days
...
Users who have not accessed the application for more than 60 days:
Configurable: No
- Title: NA
- Public/Private: NA
- Default: NA
Existing System:
- Navigate to the App List screen from the home screen widget
...
- Option to navigate to different screens of the app directly from the app widget.
- Access to the options will be managed using the user's permission for the app.
Impacts: NA