Security Settings
(Last Updated On: December 10, 2019)
Only your account owner can change your security settings.
*The new security settings are available on premier, unlimited and enterprise accounts.
Change the password requirements to increase the difficulty of password cracking
Every time you increase your password requirements, all of your users' passwords will be expired. For your users' sake, keep this to a minimum.
Require your users to have a certain number of characters in their passwords. This is important because the time it would theoretically take to crack a password increases exponentially with each added character.
Require your users to combine both upper case and lower case characters. For example, ‘notsafepassword’ wouldn’t be accepted, but ‘safePassword’ would.
Enabling “Require at least one number” will require your users to have at least one number in their password. For example, ‘notsafepassword’ wouldn’t be accepted, but ‘safepassword1’ and ‘saf3password’ would both be accepted.
Enabling “Require at least one special character” will require your users to have at least one special character (non-alphabetic and non-numeric). For example, ‘notsafepassword’ wouldn’t be accepted, but ‘safepassword!’ and ‘safe+password’ would both be accepted.
Make sure that your users aren’t using parts of their login information in their password. This is important because when trying to guess someone’s password it’s common practice to draw on information from the user’s login. For example, firstname.lastname@example.org wouldn’t be allowed to use their name or surname in their password.
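The complexity and login-information rules described above can be reproduced in a small checker, for example to pre-validate passwords in a provisioning script. This is an added example, not SnapEngage's own code: the class and field names, the minimum length of 8, the use of only the part of the login before the "@", and the 3-character cutoff for login fragments are all assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    # Field names are hypothetical; each one mirrors a setting described above.
    min_length: int = 8           # assumed value; the page does not state one
    require_mixed_case: bool = True
    require_number: bool = True
    require_special: bool = True
    forbid_login_parts: bool = True
    min_part_length: int = 3      # assumption: ignore very short login fragments

    def login_parts(self, login: str) -> list[str]:
        """Split a login such as an e-mail address into name-like fragments."""
        local = login.split("@", 1)[0]
        parts = re.split(r"[^A-Za-z0-9]+", local)
        return [p.lower() for p in parts if len(p) >= self.min_part_length]

    def violations(self, password: str, login: str = "") -> list[str]:
        """Return the names of every rule the password fails (empty = accepted)."""
        failed = []
        if len(password) < self.min_length:
            failed.append("min_length")
        if self.require_mixed_case and not (
            re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
        ):
            failed.append("mixed_case")
        if self.require_number and not re.search(r"[0-9]", password):
            failed.append("number")
        # "Special" follows the page's definition: non-alphabetic and non-numeric.
        if self.require_special and not re.search(r"[^A-Za-z0-9]", password):
            failed.append("special")
        if self.forbid_login_parts:
            lowered = password.lower()
            if any(part in lowered for part in self.login_parts(login)):
                failed.append("login_parts")
        return failed


if __name__ == "__main__":
    # Constructed sample login and passwords (the first three are the page's examples).
    policy = PasswordPolicy()
    for candidate in ("notsafepassword", "safePassword", "safe+password", "Jane!Doe2024", "Tr1cky+Horse"):
        print(candidate, "->", policy.violations(candidate, "jane.doe@example.org") or "accepted")
```

Reporting every failed rule at once, rather than stopping at the first, lets a user fix a rejected password in a single attempt.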
When a user renews their password, this option forbids the reuse of old passwords. You can make sure that the password hasn’t been used among the last 5 to 8 passwords, or at any time in the last 1, 6 or 12 months.
Comparing the two settings, we consider the ‘x last passwords’ option more secure than ‘passwords in the last x months’.
Why would I want to prohibit password reuse?
Because of risk mitigation and human psychology. What would you do if you became aware of a password leak in your administration? The easiest would be to just ask your account owner to reset all the user passwords. However, we humans tend to be wary of changing our passwords. Many of us decide to just set our new password to our old password, which would render the action useless. To make sure this does not happen, you can disallow password reuse.
Require that your users renew their password on a recurring basis.
If a user fails to log in after a certain number of attempts, lock their account. A locked account will be unlocked again after a certain time (unless it is specifically set to lock permanently) or can be unlocked from the admin dashboard.
If one of your user accounts has been locked, you can unlock it from the admin dashboard by going to Settings -> Agent Settings, clicking “Edit” on the individual agent’s profile, and clicking the button marked “8” below:
Here you can configure who can access SnapEngage.
You can restrict access to SnapEngage by IP address. You can either give specific IP addresses or use wildcards.
Here are some examples of valid IP addresses.
You can also get the IP address of your current computer. Here’s an example: we get the IP (IPv6) of our current computer and add a wildcard to that address so that any IP that starts with “0:0:0:0:0:0:0:” will be accepted. This is useful if your organization shares a fixed set of IP addresses. For example, for 192.168.1.1 – 192.168.1.255 you would add 192.168.1.*
Please be aware that the IP restriction does not apply if you are using a custom SAML integration when logging in.
Checking this box means that your agents will only be able to sign in via SSO. They will no longer be able to use their SnapEngage password to log in.
You can connect SnapEngage with your Custom SAML 2.0 configuration so that users can sign in to SnapEngage using this, rather than their SnapEngage account details. You can read more about this here:
Deactivate user accounts if a user hasn’t logged in for a set amount of time. You can find this option under My account > Security > Access rules.
Please be aware that the following security rules DO NOT apply to account owners:
- Manually locked account
- Locked due to inactivity
- Exclusive provider access
- IP restriction
Published October 17, 2014