

(Last Updated On: August 28, 2018)

Security Settings

Only your account owner can change your security settings.

*The new security settings are available on premier, unlimited and enterprise accounts.

Password Rules

Password complexity

Change the password requirements to increase the difficulty of password cracking.

Every time you increase the requirements for your passwords, all your users’ passwords will be expired. For your users’ sake, keep this to a minimum.

1. Length

Require your users to have a certain number of characters in their password. This is important because the time it would theoretically take to crack a password increases exponentially with each added character.

2. Require letters in mixed case

Require your users to combine both upper case and lower case characters. For example, ‘notsafepassword’ wouldn’t be accepted, but ‘safePassword’ would.

3. Require at least one number + Require at least one special character.

Enabling “Require at least one number” will require your users to have at least one number in their password. For example, ‘notsafepassword’ wouldn’t be accepted, but ‘safepassword1’ or ‘saf3password’ would be.

Enabling “Require at least one special character” will require your users to have at least one special character (non-alphabetic and non-numeric). For example, ‘notsafepassword’ wouldn’t be accepted, but ‘safepassword!’ or ‘safe+password’ would be.

4. Password cannot contain user information

Make sure that your users aren’t using parts of their login information in their password. This is important because when trying to guess someone’s password, it’s common practice to try information taken from the user’s login. For example, name.surname@domain.com wouldn’t be allowed to use name or surname in their password.
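The four complexity rules above, run against the example passwords from this page. This is an added illustration, not SnapEngage's code: the function names, the default minimum length of 8 and the choice to ignore login parts shorter than 3 characters are assumptions.

```python
import re

def login_tokens(login, min_token_len=3):
    """Name parts of a login: name.surname@domain.com -> ['name', 'surname']."""
    local_part = login.split("@", 1)[0]
    parts = re.split(r"[._+\-]", local_part)
    # Assumption: skip very short parts so initials do not block every password.
    return [p.lower() for p in parts if len(p) >= min_token_len]

def check_password(password, login, *, min_length=8, mixed_case=False,
                   need_number=False, need_special=False, no_user_info=False):
    """Return the enabled rules the password fails (empty list = accepted)."""
    failed = []
    if len(password) < min_length:
        failed.append("length")
    if mixed_case and not (any(c.islower() for c in password)
                           and any(c.isupper() for c in password)):
        failed.append("mixed case")
    if need_number and not any(c.isdigit() for c in password):
        failed.append("number")
    # Special character as defined above: non-alphabetic and non-numeric.
    if need_special and all(c.isalnum() for c in password):
        failed.append("special character")
    if no_user_info:
        lowered = password.lower()
        # Case-insensitive substring match, so 'MySurname2018!' is caught too.
        if any(tok in lowered for tok in login_tokens(login)):
            failed.append("user information")
    return failed

LOGIN = "name.surname@domain.com"  # the login used in the example above

if __name__ == "__main__":
    all_rules = dict(mixed_case=True, need_number=True,
                     need_special=True, no_user_info=True)
    # Constructed sample passwords, plus the ones quoted on this page.
    for pw in ["notsafepassword", "safePassword", "saf3password",
               "safe+password", "MySurname2018!", "Tr1cky+Phrase"]:
        print(pw, "->", check_password(pw, LOGIN, **all_rules) or "accepted")
```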

Password handling

 

5. Require password originality

When a user renews their password, this option forbids reuse of old passwords. You can make sure that the password hasn’t been used before for the last 5 to 8 passwords or for any password that has been used for the last 1, 6 or 12 months.

Comparing the two settings, we consider the ‘x last passwords’ option more secure than ‘passwords in the last x months’.

Why would I want to prohibit password reuse?

Because of risk mitigation and human psychology. What would you do if you became aware of a password leak in your administration? The easiest would be to just ask your account owner to reset all the user passwords. However, we humans tend to be wary of changing our passwords. Many of us decide to just set our new password to our old password, which would render the action useless. To make sure this does not happen, you can disallow password reuse.

6. Password automatically expires

Require that your users renew their password on a recurring basis.

7. Lock account after failed login attempts

If the user has failed to log in after a certain number of attempts, lock their account. When a user’s account is locked, the account will be unlocked again after a certain time (except if specifically required to lock permanently) or can be unlocked from the admin dashboard.

How to unlock a locked user account

If one of your user accounts has been locked, you can unlock it from the admin dashboard by going to Settings -> Agent Settings, clicking “Edit” on the individual agent’s profile, and clicking the button marked “8” below:


Access rules

Here you can configure who can access SnapEngage.

9. Restrict SnapEngage access by IP

You can restrict access to SnapEngage by IP address. You can either give specific IP addresses or use wildcards.

Here are some examples of valid IP addresses.

  • 192.168.1.1
  • 192.168.1.*
  • 192.168.1*.*
  • 192.*.*.*
  • 192.16*.1.1
  • FE80:0000:0000:0000:0202:B3FF:FE1E:8329
  • FE80:0000:0000:0000:*:B*:FE*:*

You can also get the IP address of your current computer. Here’s an example of us getting the IP (IPv6) from our current computer and adding a wildcard to that address so that any IP that starts with “0:0:0:0:0:0:0:” will be accepted. This is useful if your organization shares a fixed set of IP addresses. For example, if it uses 192.168.1.1 – 192.168.1.255, you would add 192.168.1.*
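Before saving a wildcard entry it helps to see how much it really covers: a partial-segment wildcard such as 192.168.1*.* admits far more than 192.168.1.x. The matcher below is an added example, not SnapEngage's implementation; it assumes that `*` matches any run of characters inside one segment, that segments without a wildcard are compared numerically, and that IPv6 wildcard groups are matched against the zero-padded 4-digit form.

```python
import ipaddress
import re

def _segment_regex(pattern_segment):
    # Assumption: '*' stands for any run of characters within one segment.
    body = "".join(".*" if ch == "*" else re.escape(ch) for ch in pattern_segment)
    return re.compile(body, re.IGNORECASE)

def ip_matches(pattern, address):
    """True if `address` is covered by the wildcard `pattern`."""
    ip = ipaddress.ip_address(address)  # raises ValueError on malformed input
    if ip.version == 4:
        sep, base, segments = ".", 10, str(ip).split(".")
    else:
        # exploded form: eight zero-padded 4-digit groups
        sep, base, segments = ":", 16, ip.exploded.split(":")
    parts = pattern.split(sep)
    if len(parts) != len(segments):
        return False  # wrong address family or wrong number of segments
    for pat, seg in zip(parts, segments):
        if "*" in pat:
            if not _segment_regex(pat).fullmatch(seg):
                return False
        else:
            try:
                if int(pat, base) != int(seg, base):
                    return False
            except ValueError:
                return False  # segment is not a number in this family
    return True

def covered(pattern, addresses):
    """Subset of `addresses` that the pattern lets in."""
    return [a for a in addresses if ip_matches(pattern, a)]

# Constructed sample addresses for auditing a pattern before it is saved.
SAMPLES = ["192.168.1.7", "192.168.15.7", "192.168.150.7",
           "192.168.2.7", "10.0.0.1"]

if __name__ == "__main__":
    for pattern in ["192.168.1.*", "192.168.1*.*", "192.*.*.*"]:
        print(pattern, "->", covered(pattern, SAMPLES))
```

Under these assumptions 192.168.1*.* also lets in 192.168.10.x to 192.168.19.x and 192.168.100.x to 192.168.199.x, so use the narrowest pattern that covers your office range.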

10. Exclusive Login

Checking this box means that your agents will only be able to sign in via SSO. They will no longer be able to use their SnapEngage password to log in.

11. Custom SAML 2.0 Integration

You can connect SnapEngage with your Custom SAML 2.0 configuration so that users can sign in to SnapEngage using this, rather than their SnapEngage account details. You can read more about this here:

SSO via SAML 2.0 and Microsoft Active Directory Federation Server (ADFS) with SnapEngage

SSO via SAML and Okta with SnapEngage

12. Deactivate account due to inactivity

Deactivate user accounts if a user hasn’t logged in for a set amount of time. You can find this option under My account > Security > Access rules.


Published October 17, 2014