21.1 Foundation and Framework Release Notes


New and Improved Features

Product Level Change

  • PMP-76028 User Login Activity Tracker
  • PMP-75356 App widget with options "Modify," "List" and "New" 

Configurable

  • PMP-76031 Application-Level Strong Password Policy for Non-SSO Login


PMP-76031 Application-Level Strong Password Policy for Non-SSO Login

Configurable: Yes

  • Title: Reset Account Lockout Counter
  • Public/Private: Private
  • Default: 1440 (Minutes)


  • Title: Account Lockout Duration
  • Public/Private: Private
  • Default: 0 (Minutes)


  • Title: Enforce Password History
  • Public/Private: Private
  • Default: 5 for existing customers and 24 for baseline.


Existing System

  • No configuration to set account lockout counter time
  • No configuration to set account lockout option and duration
  • No configuration to manage how many previous passwords are checked when creating a new password.

Purpose: 

  • To track invalid login attempts across the platform 
  • To provide the option to lock out the user account based on invalid login attempts
  • To provide a configuration to check past passwords while creating a new password

Enhanced System:

Reset Account Lockout Counter Configuration

  • Tracks the user's invalid-credential login attempts from both web and mobile within the Reset Account Lockout Counter time. Currently, there is no time window for tracking invalid attempts: refreshing the browser on the web login screen sets the counter back to zero. This may lead to a security issue, as the invalid login counts are not being tracked in the backend.
  • The new configuration's default value is set to 1440 minutes (24 hours). Any invalid login attempts from the web or mobile will be tracked for the user within 24 hours, and either a reset password email will be sent or the account will be locked out, based on the configuration.
  • If the user is able to remember the correct credential and log into the application within the configuration time (24 hours), the invalid login attempts will reset to zero.
  • Customers can change the configuration time to track the invalid login attempts as per their security policy.

Account Lockout Duration Configuration

  • Using this configuration, the user account will be locked out for a certain time period based on the invalid login attempts. 
  • The user's account will be automatically unlocked after the lockout time ends. 
  • In case of an emergency, unlocking a user's account can only be done from the backend. This is not a recommended option, as it breaches security.
  • If the user tries to log into the application with an invalid credential, the system won't allow the user to log in. It will display the message: "Your account is currently locked out due to invalid login attempts, you may try again after "Time & Date". Please don't contact Technical Support, you must wait to try again."

For Example:

The Account Lockout Duration configuration is set to 30 minutes and the Account Lockout Threshold configuration value is 5, which means that after five invalid login attempts from web or mobile, the user's account will be locked out for 30 minutes. Users can only log into the application after the 30 minutes have passed.

Note: If multiple customers ask for a feature to reset the account lockout from the administration screen, the feature will be added to the product in future versions.
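The lockout behaviour described above, modelled as server-side state so that a browser refresh cannot reset the counter. This is an added example, not ProcessMAP's code: the `Policy`, `Account`, `attempt` and `replay` names are hypothetical, and the fixed tracking window that starts at the first failure and the reading of a duration of 0 as "never lock" are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:
    threshold: int = 5          # Account Lockout Threshold (value from the page's example)
    lockout_minutes: int = 30   # Account Lockout Duration (page's example; shipped default is 0)
    reset_minutes: int = 1440   # Reset Account Lockout Counter (page default)

@dataclass
class Account:                  # hypothetical server-side record, one per user
    failures: int = 0
    window_start: Optional[datetime] = None
    locked_until: Optional[datetime] = None

def attempt(acct: Account, policy: Policy, credential_ok: bool, now: datetime) -> str:
    """Return 'ok', 'invalid' or 'locked' and update the server-side state."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"     # even a correct credential is refused while locked
        # Lockout time has ended: automatic unlock.
        acct.locked_until, acct.failures, acct.window_start = None, 0, None
    if credential_ok:
        acct.failures, acct.window_start = 0, None   # successful login resets the counter
        return "ok"
    window = timedelta(minutes=policy.reset_minutes)
    if acct.window_start is None or now - acct.window_start >= window:
        acct.window_start, acct.failures = now, 0    # tracking window expired: start over
    acct.failures += 1
    # Assumption: a duration of 0 means "never lock"; the counter is still kept.
    if policy.lockout_minutes > 0 and acct.failures >= policy.threshold:
        acct.locked_until = now + timedelta(minutes=policy.lockout_minutes)
        return "locked"
    return "invalid"

def replay(policy: Policy, events) -> list:
    """Run (minutes_offset, credential_ok) events against a fresh account."""
    t0 = datetime(2021, 1, 1, 9, 0)   # constructed start time
    acct = Account()
    return [attempt(acct, policy, ok, t0 + timedelta(minutes=m)) for m, ok in events]

if __name__ == "__main__":
    # Constructed sample: five bad attempts, a good one during lockout, a good one after it.
    events = [(0, False), (1, False), (2, False), (3, False), (4, False), (10, True), (34, True)]
    print(replay(Policy(), events))
```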


Enforce Password History Configuration

  • Configuration to manage password history validation while creating a new password. 
  • Currently, this is hardcoded to validate against the last five passwords; with this change, the validation will be managed with a configuration.
  • Customers can set the number of previous passwords to validate against as per their security policy.
  • The configuration value will be five for existing customers and the baseline value will be 24. So for existing customers, users cannot use their last five passwords when creating a new password.
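A sketch of how a configurable history depth changes which passwords are rejected, comparing the existing-customer value of 5 with the baseline value of 24. This is an added example, not the product's implementation: the `PasswordHistory` class, the `rotate` helper, the use of PBKDF2 and the choice to count the current password as part of the history are assumptions.

```python
import hashlib
import hmac
import os
from collections import deque

class PasswordHistory:
    """Hypothetical per-user store of the last `depth` salted password hashes."""

    def __init__(self, depth: int, iterations: int = 100_000):
        self.iterations = iterations
        self.entries = deque(maxlen=depth)   # the oldest entry drops off automatically

    def _digest(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.iterations)

    def is_reused(self, candidate: str) -> bool:
        # Each stored hash has its own salt, so the candidate is re-hashed per entry;
        # the cost of a password change therefore grows with the configured depth.
        return any(hmac.compare_digest(self._digest(candidate, salt), digest)
                   for salt, digest in self.entries)

    def change_password(self, new_password: str) -> bool:
        """Store the new password and return True, or return False if it is in the history."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._digest(new_password, salt)))
        return True

def rotate(depth: int, passwords, iterations: int = 1_000) -> list:
    """Apply password changes in order; one True/False per change.
    The iteration count is lowered here only to keep the demonstration fast."""
    history = PasswordHistory(depth, iterations)
    return [history.change_password(p) for p in passwords]

if __name__ == "__main__":
    # Constructed sample: six distinct passwords, then two attempts to go back to old ones.
    seq = ["pw-1", "pw-2", "pw-3", "pw-4", "pw-5", "pw-6", "pw-2", "pw-1"]
    print("depth 5: ", rotate(5, seq))    # pw-1 has aged out of the history and is accepted
    print("depth 24:", rotate(24, seq))   # both old passwords are still rejected
```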


Impacts: No Impacts



PMP-76028 User Login Activity Tracker

Configurable: No

  • Title: NA
  • Public/Private: NA
  • Default: NA

Existing System

  • No feature to track unsuccessful login attempts
  • No option to view successful and unsuccessful login attempts for the location administrator
  • No option to view users who have not accessed the application for more than 60 days 

Purpose: 

  • To track successful logins along with system information
  • To track unsuccessful login attempts along with system information
  • To monitor users who have not accessed the application for a long period of time 

Enhanced System:

  • Track and view all successful user login attempts for the location
  • Track and view all unsuccessful user login attempts for the location
  • Monitor users who have not accessed the application for a long period of time

Impacts: NA

Successful Logins :


Unsuccessful Logins :


Users who have not accessed the application for more than 60 days:



PMP-75356 App widget with options "Modify," "List" and "New"

Configurable: No

  • Title: NA
  • Public/Private: NA
  • Default: NA

Existing System

  • Navigate to the App List screen from the home screen widget

Purpose: 

  • Provide the option to navigate different screens of the app form

Enhanced System:

  • Option to navigate to different screens of the app directly from the app widget
  • Access to the options will be managed using the user's permission for the app

Impacts: NA





© 2018 ProcessMAP Corporation, All Rights Reserved Confidential, may not be disclosed without the express permission of ProcessMAP Corporation