New and Improved Features

...

  • PMP-76028 User Login Activity Tracker
  • PMP-75356 App widget with options "Modify", "List" and "New"

Configurable

  • PMP-76031 Application-Level Strong Password Policy for Non-SSO Login


PMP-76031 Application-Level Strong Password Policy for Non-SSO Login

Configurable: Yes

  • Title: Reset Account Lockout Counter
  • Public/Private: Private
  • Default: 1440 (Minutes)


  • Title: Account Lockout Duration
  • Public/Private: Private
  • Default: 0 (Minutes)


  • Title: Enforce Password History
  • Public/Private: Private
  • Default: 5 for existing customers and 24 for baseline.


Existing System

  • No configuration to set account lockout counter time
  • No configuration to set account lockout option and duration
  • No configuration to manage the number of previous passwords validated when creating a new password.

...

  • Track the user's invalid credential login attempt counts within the Reset Account Lockout Counter time from both web and mobile. Currently, there is no time window to track the invalid counts: once the browser is refreshed on the web login screen, the counter is set to zero. This may lead to a security issue as the invalid login counts are not being tracked in the backend.
  • The new configuration's default value is set to 1440 minutes (24 hours). So any invalid login attempts from the web or mobile will be tracked for the user within 24 hours and either a reset password email will be sent or the account will be locked out based on the configuration.
  • If the user is able to remember the correct credential and log into the application within the configuration time (24 hours), the invalid login attempts will reset to zero.
  • Customers can change the configuration time to track the invalid login attempts as per their security policy.

Account Lockout Duration Configuration

  • Using this configuration, the user account will be locked out for a certain time period based on the invalid login attempts.
  • The user's account will be automatically unlocked after the lockout time ends.
  • In case of an emergency, unlocking a user's account can only be done from the backend. This is not a recommended option, as it will breach security.
  • If the user tries to log into the application with an invalid credential also, the system won't allow the user to log in. It will display the message: "Your account is currently locked out due to invalid login attempts, you may try again after "Time & Date". Please don't contact Technical Support, you must wait to try again."

For Example:

The Account Lockout Duration configuration is set to 30 minutes and the Account Lockout Threshold configuration value is 5, which means after five invalid login attempts from web or mobile, the user's account will be locked out for 30 minutes. Users can only log into the application after the 30 minutes of lockout time have passed.

Note: If multiple customers ask to provide a feature to reset the account lockout from the administration screen, the feature will be added to the product in future versions.
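The behaviour described in the two sections above can be sketched as a server-side state machine. This is an added example, not the product's code: `LockoutPolicy`, `AccountState` and `attempt_login` are hypothetical names, the counter is assumed to be a sliding window, and the lockout duration is assumed to be greater than zero.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    threshold: int = 5            # Account Lockout Threshold (value from the example above)
    duration_min: int = 30        # Account Lockout Duration (value from the example above)
    reset_window_min: int = 1440  # Reset Account Lockout Counter (page default)

@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # times of invalid attempts, in minutes
    locked_until: float = 0.0                     # minute at which the lockout ends

def attempt_login(state, policy, now_min, credential_ok):
    """Return 'ok', 'invalid' or 'locked'.

    The state is kept in the backend, so refreshing the browser or switching
    between web and mobile does not reset the invalid-attempt count.
    """
    if now_min < state.locked_until:
        return "locked"  # every attempt is refused until the lockout time ends
    # Assumption: sliding window, only failures inside the reset window count.
    state.failures = [t for t in state.failures
                      if now_min - t < policy.reset_window_min]
    if credential_ok:
        state.failures.clear()  # a successful login resets the counter to zero
        return "ok"
    state.failures.append(now_min)
    if len(state.failures) >= policy.threshold:
        state.locked_until = now_min + policy.duration_min
        state.failures.clear()  # counting starts again after the automatic unlock
        return "locked"
    return "invalid"

def demo():
    """Constructed scenario: five invalid attempts one minute apart, then retries."""
    policy, state = LockoutPolicy(), AccountState()
    results = [attempt_login(state, policy, t, False) for t in range(5)]
    results.append(attempt_login(state, policy, 20, True))  # still inside the lockout
    results.append(attempt_login(state, policy, 34, True))  # 30 minutes after lock
    return results
```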


Enforce Password History Configuration

  • Configuration to manage password history validation while creating a new password. 
  • This is now hardcoded with the last five passwords' history validation; with this change the validation will be managed with a configuration.
  • Customers can set the number of previous passwords validated as per their security policy.
  • The configuration value will be five for existing customers and the baseline value will be 24. So for existing customers, the users cannot use their last five passwords when creating a new password.
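A configurable history check along these lines can be sketched as follows. This is an added example, not the product's code: the `PasswordHistory` class, the PBKDF2 parameters and the in-memory storage are assumptions. Because each stored entry has its own salt, the candidate password has to be re-hashed against every entry in the history.

```python
import hashlib
import hmac
import os
from collections import deque

class PasswordHistory:
    """Keeps the last `depth` password hashes (hypothetical helper)."""

    def __init__(self, depth, iterations=100_000):
        # depth corresponds to Enforce Password History: 5 for existing
        # customers, 24 for baseline. deque(maxlen=...) drops the oldest entry.
        self.entries = deque(maxlen=depth)
        self.iterations = iterations  # assumed PBKDF2 work factor

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, self.iterations)

    def is_reused(self, candidate):
        # Salted hashes cannot be compared directly: recompute the candidate's
        # hash with each stored salt and compare in constant time.
        return any(hmac.compare_digest(self._hash(candidate, salt), digest)
                   for salt, digest in self.entries)

    def change_password(self, new_password):
        """Store the new password hash; return False if it is in the history."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._hash(new_password, salt)))
        return True

def rotate(depth, passwords, iterations=1_000):
    """Apply a constructed sequence of password changes; return each outcome."""
    history = PasswordHistory(depth, iterations)
    return [history.change_password(p) for p in passwords]
```

With a depth of 5 a user can return to an old password after five intervening changes; with the baseline depth of 24 the same sequence is rejected.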


Impacts: No Impacts


PMP-76028 User Login Activity Tracker

Configurable: No

  • Title: NA
  • Public/Private: NA
  • Default: NA

Existing System

  • No feature to track unsuccessful login attempts.
  • No option to view successful and unsuccessful login attempts for the location administrator
  • No option to view users who have not accessed the application for more than 60 days 

...

  • To track successful logins along with system information.
  • To track unsuccessful login attempts along with system information.
  • To monitor users who have not accessed the application for a long period of time.

Enhanced System:

  • Track and view all successful login attempts of the users for the location
  • Track and view all unsuccessful login attempts of the users for the location
  • Monitor users who have not accessed the application for a long period of time.

Impacts: NA

Successful Logins:

...

Users who have not accessed the application for more than 60 days:


PMP-75356 App widget with options "Modify", "List" and "New"

Configurable: No

  • Title: NA
  • Public/Private: NA
  • Default: NA

Existing System

  • Navigate to the App List screen from the home screen widget

...

  • Option to navigate to different screens of the app directly from the app widget.
  • Access to the options will be managed using the user's permission for the app.

Impacts: NA
