
Policy Configuration

RegScale provides multiple configurations to allow customers to lock down their instance of the platform based on their unique security requirements. While RegScale is hardened out of the box to meet stringent security requirements, we also support a policy engine that allows each customer to tailor their instance of RegScale based on their organizational risk tolerances and the desired user experience. The following settings are supported:

Pre-Requisites and Background

  • Must be logged in with an administrator account to set policies
  • Policies are available under Setup -> Security Policies
  • NOTE: Account-based policies only apply to local RegScale accounts. If using SSO, the account security settings on this page do not apply.

Multi-Factor Authentication

  • Checking this box enables multi-factor authentication for all local RegScale accounts
  • Users must obtain an access code to unlock a QR code that they can register with Google Authenticator
  • They will then be required to sign in with username, password, and one-time token from Google Authenticator

Disable Temporary Password Distribution

  • RegScale distributes a username and temporary password in two separate emails once a new account is created
  • Some customers do not allow for passwords to be distributed via email
  • Checking this box removes the temporary password distribution email
  • The customer will then be responsible for distributing the password outside of RegScale via other secure means

Minimum Password Length

  • Sets the minimum length of passwords in RegScale

Password Rotation Frequency

  • Sets the number of days a password can be used before it must be changed
  • Once the expiration date is reached, the user will be redirected to the Change Password page and forced to change their password to continue using RegScale

Session Length

  • Sets the period of inactivity after which a user's session will be automatically terminated

Maximum Password Retry

  • Sets the number of failed password attempts a user is allowed before their account is locked

Lockout Duration

  • Sets the amount of time the user is locked out of their account after exceeding the maximum password retry policy
  • NOTE: An administrator can manually unlock the user's account

Underlying Password Policies

These policies are in place regardless of what the above settings are.

  • Minimum of 12 characters in length
  • Must contain upper and lower case letters
  • Must contain one or more numbers
  • Must contain one or more special characters
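
When temporary password distribution is disabled, the customer has to create and hand out the initial password themselves, and it still has to satisfy the underlying policies listed above. The following is an added example, not RegScale code: a checker for those rules plus a generator that uses the operating system CSPRNG. It assumes "special characters" means ASCII punctuation and that the stricter of the configured minimum length and the underlying 12 applies; the function and parameter names are hypothetical.

```python
import secrets
import string

# Assumption: "special characters" = ASCII punctuation (the exact set is not documented here).
SPECIALS = string.punctuation
UNDERLYING_MIN_LENGTH = 12  # from "Underlying Password Policies"


def policy_violations(password, configured_min_length=UNDERLYING_MIN_LENGTH):
    """Return the list of rules the password fails (empty list means compliant)."""
    # Assumption: the stricter of the configured minimum and the underlying 12 applies.
    required = max(configured_min_length, UNDERLYING_MIN_LENGTH)
    problems = []
    if len(password) < required:
        problems.append(f"shorter than {required} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    return problems


def generate_temporary_password(length=16, configured_min_length=UNDERLYING_MIN_LENGTH):
    """Generate a random temporary password that satisfies every rule above."""
    required = max(configured_min_length, UNDERLYING_MIN_LENGTH)
    if length < required:
        raise ValueError(f"length must be at least {required}")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS]
    # One character from each required class, the rest from the combined alphabet.
    chars = [secrets.choice(cls) for cls in classes]
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["Summer2024", "correcthorsebattery", "Aa1!Aa1!Aa1!"]:
        print(repr(candidate), policy_violations(candidate) or "compliant")
```

Combine a generated password with the Password Rotation Frequency setting so that the out-of-band temporary value is replaced soon after first use.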