Sec/User Mgmt: Settings Tab

Document created by RSA Information Design and Development on Jun 25, 2017Last modified by RSA Information Design and Development on Aug 28, 2017
Version 3Show Document
  • View in full screen mode
  

This topic explains the Administration Security view > Settings tab. In the Settings tab, you configure password complexity for internal Security Analytics users and system-wide security parameters.

For information on configuring these parameters, see Set Up System Security.

Password complexity requirements apply only to internal users and are not enforced for external users. External users rely on their own methods and systems to enforce password complexity.  

To access the Settings tab:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.

The following figure shows the Password Strength of the Settings tab.

The following figure shows the Security Settings and External Authentication sections of the Settings tab.

The following figure shows the Active Directory Configurations section of the Settings tab.

Password Strength

The Password Strength section enables you to configure password complexity requirements for internal Security Analytics users when they set their passwords.

                                         
FeatureDescription
Minimum Password Length Specifies a minimum password length requirement for Security Analytics user passwords. A minimum password length prevents users from using short passwords that are easy to guess.
Uppercase Characters Specifies a minimum number of uppercase characters for the password. This includes European language characters A through Z, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic uppercase: Д Ц
  • Greek uppercase: Π Λ
Lowercase Characters Specifies a minimum number of lowercase characters for the password. This includes European language characters a through z, sharp-s, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic lowercase: д ц
  • Greek lowercase: π λ
Base 10 Digits Specifies a minimum number of decimal characters (0 through 9) for the password.
Special Characters (~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/) Specifies a minimum number of special characters for the password:
~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/
Non-Latin Alphabetic Characters Specifies a minimum number of Unicode alphabetic characters that are not uppercase or lowercase. This includes Unicode characters from Asian languages. For example:
  • Kanji (Japanese): 頁 (leaf) 枒 (tree)
Password May Not Contain Username Specifies that a password cannot contain the case-insensitive username of the user.
Apply Provides the option to force all internal users to change their passwords the next time they log on to Security Analytics. 
The confirmation dialog shows the following question:
Do you want to force all internal users to change their passwords on the next login?
  • Selecting Yes forces all internal users to change their passwords the next time they log on to Security Analytics and overrides any individual user account settings.
  • Selecting No forces only those internal users with the Force password change at next login option enabled in their individual user account settings to change their password the next time they log on to Security Analytics.
Password strength settings take effect when Security Analytics users create or change their passwords.

Security Settings

The Security Settings section enables you to configure global security settings for Security Analytics users.

                                         
FeatureDescription
Lockout Period Number of minutes to lock a user out of Security Analytics after the configured number of failed logins is exceeded. The default value is 20 minutes.
Idle Period Number of minutes of inactivity before a session times out. The default value is 60. If the value is 0, the session will not timeout.
Session Timeout The maximum duration of a user session before timing out  The default value is 600. If the value is 0, there is no maximum time for a session. If the value is a positive integer, the session times out when the configured time has elapsed. The user must log in again.
Case Insensitive User Name Specifies that the RSA Security Analytics Username field on the login screen is case insensitive. For example, you could use Admin or admin to log on to Security Analytics.
Max Login Failures The maximum number of unsuccessful login attempts before a user is locked out. The default value is 5.
Global Default User Password Expiration Period The default number of days before a password expires for all internal Security Analytics users. A value of zero (0) disables password expiration.  For upgrades and new installations, the default value is zero (0).
Notify User <n> Days Prior to Password Expiry The number of days before the password expiration date, to notify a user that their password is about to expire. Users receive a one-time email on the specified date before their passwords expire. They also see a Password Expiration Message dialog when they log on to Security Analytics.
A value of zero (0) disables automatic password expiration notification. If you set the Global Default User Password Expiration Period to zero (0), users do not receive automatic password expiration notifications. 
Apply Makes the settings become effective immediately. 

External Authentication

The External Authentication section enables you to configure Security Analytics to use Active Directory or PAM to authenticate and test external user logins.

                         
FeatureDescription
Active Directory Allows Security Analytics to use Active Directory to authenticate external user logons.
PAM Allows Security Analytics to use Pluggable Authentication Modules (PAM) to authenticate external user logons.
Apply Makes the settings become effective in the next logon. 
Test Prompts for a username and password, then tests the currently enabled external authentication method.

Active Directory Configurations

The Active Directory Configuration section enables you to configure Security Analytics to use Active Directory to authenticate external user logins.

                                                 
FeatureDescription
Enabled Enables Active Directory authentication for Security Analytics users.
Domain Domain name where the Active Directory Service is located.
Host Host name or IP address where the Active Directory Service is located.
Port Port on the host that is used for Active Directory Service authentication.
SSL Indicates whether the Active Directory Service uses SSL.
Username Mapping Indicates the Active Directory search field to use for username mapping. You can specify userPrincipalName (UPN) or sAMAccountName.
User Lookup Filter This is used to find a username in the Active Directory.
Follow Referrals Indicates whether Security Analytics will follow LDAP referrals made by Active Directory.
Username If Username is provided here, it binds to the Active Directory Service while searching Active Directory groups. This credential is not used for any other purpose.
Apply Makes settings become effective immediately.
Next Topic:PKI Settings Tab
You are here
Table of Contents > References > Administration Security View > Settings Tab

Attachments

    Outcomes