Configuring User Authentication Settings

Navigating to User Authentication Settings

FOUNDATION > USER MANAGEMENT > SET UP USER AUTHENTICATION SETTINGS 

What is User Authentication Settings?

User Authentication Settings is a module used to define available User Setting policies, such as:

  • Password Policy: Defines the criteria that passwords must comply with.
  • AVAILABLE FROM CRM.COM R10.0.0 - Username Policy: Defines the criteria that usernames must comply with.
  • Invalid Authentication Policy: Defines the number of failed login attempts a User is allowed within a set period of time before getting 'Locked-out', as well as the 'Lock-out Period'. During the Lock-out Period the User cannot log in even with valid credentials.
  • Authentication Policy: Defines whether the authentication of Users at login is implemented by CRM.COM or LDAP/Active Directory.  There is the option to test the connection to LDAP once the Settings are saved. 
  • IP Authorisation Rules: Defines the IP addresses from which Users can or cannot access CRM.COM.  Each IP Authorisation Rule has a set of restrictions representing the Allowed and Denied IP addresses. A restriction can take the form of a specific IP address, a range of IP addresses or an IP address pattern. Each IP Authorisation Rule also has a set of Conditions defining the set of Users to which the rule applies. This set of conditions includes Users, Units, Groups or Communities in any required combination. 

If User Authentication Settings are not configured in the System, then only Super Users can access the System. All information is considered mandatory.

 

  • Navigate to User Authentication Settings and explore existing entries via the Summary page.  
  • Click on the link (Name or Number) of the entry of your interest to enter the Data Entry page and see more detail. 
  • Use the Actions Menu to create NEW User Authentication Settings, modify (EDIT) or DELETE existing ones.  
  • Use BACK to return to the Summary page and CANCEL to revert any unwanted changes made to the User Authentication Settings.
  • Click on the Audit Trail button to view a log of changes performed on the displayed User Authentication Settings.

Check the Validations & Restrictions Table below for a list of available Actions when working with User Authentication Settings, including each Action's related validations and restrictions.  View the Attributes Table for a comprehensive description of the User Authentication Settings fields.

User Authentication Settings

Validations & Restrictions

Action: General
Validations:
  • Not applicable
Restrictions:
  • If User Authentication Settings are not configured in the System, then only Super Users can access the System. All information is considered mandatory.
  • You can only have one set of User Authentication Settings.

Action: Create
Validations:
  • Not applicable
Restrictions:
  • Not applicable

Action: Edit
Validations:
  • All mandatory fields must be provided.
  • Multiple IP Authorisation Rules can be configured and used as long as they are in an 'Active' state.
Restrictions:
  • Not applicable

Action: Delete
Validations:
  • Not applicable
Restrictions:
  • User authentication records cannot be deleted.

Attributes 

An * indicates a field is mandatory.

Name

Description

PASSWORD POLICY

Defines a set of criteria that passwords must comply with. The password policy is applied whenever a new password is selected.

Minimum Length*

The minimum required number of characters (alphabetical, numerical, or special) of the password.

Minimum Number Of Alphabetical Characters (a-z)*

The minimum number of alphabetical characters from 'a' to 'z' that should be included in the password.

Minimum Number Of Integers (0-9)*

The minimum number of integers from '0' to '9' that should be included in the password.

Minimum Number Of Other Characters (Special Characters)*

The minimum number of special characters that should be included in the password.

Validity
AVAILABLE FROM CRM.COM R10.0.0 

Defines the period that the password will be valid for until it expires. The available options are:

  • Always valid (default)
  • Valid for a specific number of days

AVAILABLE FROM CRM.COM R11.4.0

The Password's Validity Period is applied to all Users by default. Exceptions can also be defined, as a list of Users for which the Password never expires, i.e. the Policy's Password Expiration Setting is not applied to them. Setting up User exceptions is available only if the Validity Period of the password policy is set to "Valid for a specific number of days".

Applies for Organisation Groups
AVAILABLE FROM CRM.COM R10.0.0 

 

Defines the Organisation Group the Policy applies to.

This field is not available through the UI but is present in the database.
It is set automatically once a policy is saved, i.e. the group of the organisation of the logged-in User is saved automatically.

USERNAME POLICY AVAILABLE FROM CRM.COM R10.0.0

Defines a set of criteria that a username must comply with. The username policy is applied whenever a new username is selected.

Minimum Length*

The minimum required number of characters (alphabetical, numerical, or special) of the username.

Minimum Number Of Alphabetical Characters (a-z)*

The minimum number of alphabetical characters from 'a' to 'z' that should be included in the username.

Minimum Number Of Integers (0-9)*

The minimum number of integers from '0' to '9' that should be included in the username.

Minimum Number Of Other Characters (Special Characters)*

The minimum number of special characters that should be included in the username.

Applies for Organisation Groups
 

Defines the Organisation Group the Policy applies to.

This field is not available through the UI but is present in the database.

It is set automatically once a policy is saved, i.e. the group of the organisation of the logged-in User is saved automatically.

AUTHENTICATION POLICY

Defines which authentication policy is in force.  Once the connection is set up it can be tested.

Refer to Testing Active Directory/LDAP connection.

Use Active Directory/LDAP Authentication

Determines whether Active Directory/LDAP settings will be used during the authentication process.

Server Type*

The type of server performing the authentication. This should be set to Active Directory/LDAP.

Domain*

The domain of the Active Directory Server.

Hostname*

The Hostname of the machine where the Directory is installed.

Port*

The Port number of the Directory Server.

Username*

A valid username of a User authorised to connect to the Active Directory Server.

Password*

The valid password of the User authorised to connect to the Active Directory Server.

Search Base

Indicates the location in the LDAP Directory where the search should begin.

Use SSL

Defines whether an SSL connection will be used.

Password Ageing Warning (in Days)

Defines the number of days' notice regarding password expiration in Active Directory that the User is given through CRM.COM.

INVALID AUTHENTICATION POLICY

Defines the policy applied when User authentication fails after a number of invalid attempts and when the User will be able to log in again.
 The user must log out and log in again for Authentication Policy changes to take effect. 

Invalid Login Settings

  • Invalid Login Attempts: Defines the maximum number of invalid login attempts a User is allowed within the Period.
  • Period Within X Minutes: The period during which the failed login attempts resulting in User Lock-out occur.

Lock-out Time After Invalid Login Attempts (in Minutes)

Defines the time for which the User will not be able to attempt login after the maximum number of failed attempts in a specific period has occurred.

Applies for Organisation Groups
AVAILABLE FROM CRM.COM R10.0.0

Defines the Organisation Group the Policy applies to.

This field is not available through the UI but is present in the database.

It is set automatically once a policy is saved, i.e. the group of the organisation of the logged-in User is saved automatically.
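
How the three Invalid Authentication Policy fields interact can be seen by replaying a login sequence against them. The sketch below is an added illustration, not CRM.COM code. It assumes that the failure which reaches Invalid Login Attempts inside the Period triggers the lock-out, that a successful login clears the counter, and that attempts made during the Lock-out Period do not extend it; all times are minutes.

```python
from dataclasses import dataclass, field

@dataclass
class InvalidAuthPolicy:
    max_attempts: int   # "Invalid Login Attempts"
    period_min: int     # "Period Within X Minutes"
    lockout_min: int    # "Lock-out Time After Invalid Login Attempts (in Minutes)"

@dataclass
class LoginGuard:
    policy: InvalidAuthPolicy
    failures: dict = field(default_factory=dict)      # user -> minutes of recent failures
    locked_until: dict = field(default_factory=dict)  # user -> minute the lock-out ends

    def attempt(self, user: str, credentials_ok: bool, now: float) -> str:
        """Return 'ok', 'failed' or 'locked' for a login attempt at minute `now`."""
        if now < self.locked_until.get(user, 0):
            return "locked"               # valid credentials are rejected as well
        if credentials_ok:
            self.failures.pop(user, None)  # assumed: success clears the counter
            return "ok"
        window_start = now - self.policy.period_min
        recent = [t for t in self.failures.get(user, []) if t > window_start]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.policy.max_attempts:
            self.locked_until[user] = now + self.policy.lockout_min
            self.failures[user] = []
            return "locked"
        return "failed"

def replay(policy, events):
    """Run (user, credentials_ok, minute) events through a fresh guard."""
    guard = LoginGuard(policy)
    return [guard.attempt(user, ok, minute) for user, ok, minute in events]

# Constructed sample: 3 attempts within 10 minutes, 15-minute lock-out.
POLICY = InvalidAuthPolicy(max_attempts=3, period_min=10, lockout_min=15)
EVENTS = [
    ("alice", False, 0), ("alice", False, 4), ("alice", False, 9),  # third failure locks
    ("alice", True, 12),   # correct password, still inside the lock-out
    ("alice", True, 24),   # lock-out has ended
    ("bob", False, 0), ("bob", False, 8), ("bob", False, 12),  # minute 0 has aged out
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(POLICY, EVENTS)):
        print(event, "->", outcome)
```

The "bob" events show why the Period matters when reviewing the settings: three failures spread over more than the Period never lock the account.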

IP AUTHORISATION RULES

Determines the rules that define or restrict the IP addresses from which access to CRM.COM is granted.

State

The state of the IP Authorisation Rule which can be either 'Active' or 'Inactive'. By default, the State is set to 'Inactive'. Only 'Active' IP Authorisation Rules are evaluated and applied.

IP Addresses Restrictions

Defines a list of IP Addresses from which users are allowed or denied access to CRM.COM.  At least one IP address must be specified.

Allowed Organisational Units

Defines the Organisational Units to which an IP Authorisation Rule is applied. If no conditions are defined, then the IP Authorisation Policy is applied to all Users among all Organisational Units. Multiple Organisational Units, i.e., Users, Units, Groups or Communities can be specified.

Applies for Organisations

Defines the Organisation to which an IP Authorisation Rule is applied. If no conditions are defined, then the IP Authorisation Policy is applied to all users among all Organisations.

This field is not available through the UI but is present in the database.

It is set automatically once a policy is saved, i.e. the group of the organisation of the logged-in User is saved automatically.
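
Before activating IP Authorisation Rules, it helps to model which Users a rule set would admit from which addresses. The evaluator below is an added illustration, not CRM.COM code. The page does not state the restriction syntax or the precedence between Allowed and Denied entries, so the 'low-high' range form, the '*' pattern form, "a Denied match wins", "an Allowed list is exhaustive" and "no applicable rule means access" are all assumptions, as are the membership labels such as unit:Sales.

```python
import ipaddress
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

def matches(restriction: str, ip: str) -> bool:
    """Match one restriction: single address, 'low-high' range, or '*' pattern."""
    addr = ipaddress.ip_address(ip)
    if "*" in restriction:                       # pattern syntax is an assumption
        return fnmatchcase(ip, restriction)
    if "-" in restriction:                       # range syntax is an assumption
        low, high = (ipaddress.ip_address(p.strip()) for p in restriction.split("-"))
        return low <= addr <= high
    return addr == ipaddress.ip_address(restriction)

@dataclass
class Rule:
    state: str                                      # 'Active' or 'Inactive'
    allowed: list = field(default_factory=list)     # Allowed IP restrictions
    denied: list = field(default_factory=list)      # Denied IP restrictions
    conditions: set = field(default_factory=set)    # empty set = applies to all Users

def access_permitted(rules, ip: str, memberships: set) -> bool:
    """Evaluate every Active rule whose conditions cover the User."""
    for rule in rules:
        if rule.state != "Active":
            continue                                # Inactive rules are never evaluated
        if rule.conditions and not (rule.conditions & memberships):
            continue                                # rule targets other Users
        if any(matches(r, ip) for r in rule.denied):
            return False                            # assumed: a Denied match wins
        if rule.allowed and not any(matches(r, ip) for r in rule.allowed):
            return False                            # assumed: Allowed list is exhaustive
    return True                                     # assumed: no applicable rule = access

# Constructed sample rules (documentation address ranges, hypothetical unit names).
SAMPLE_RULES = [
    Rule("Active", allowed=["203.0.113.10", "198.51.100.1-198.51.100.50"],
         conditions={"unit:Sales"}),
    Rule("Active", denied=["192.0.2.*"]),           # no conditions: every User
    Rule("Inactive", denied=["203.0.113.10"]),      # ignored until set to 'Active'
]
```

Running the intended rule set through a model like this with a few representative Users and addresses catches a rule left 'Inactive' or a condition that covers nobody before the rules are relied on.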

 

Testing Active Directory / LDAP Connection

Once the Authentication Policy is configured and the Settings are saved, the Active Directory/LDAP connection should be checked by following the steps below:

  1. From the Actions Menu, click on ACTIONS > TEST CONNECTION.
  2. The System will display a message informing whether the connection test was successful or not.