Password Policy

Password Strength

Minimum password length

The minimum length the password must be before it can be saved.

Password must contain at least one:

• Numeric Character

• Uppercase Character

• Symbol Using !@#$%^&*()

• Numeric Character - this has replaced ‘Force Password Alphanum’ and will be automatically flagged where true in your existing environment. Where ticked, the user cannot save the password if there is not at least one numeric character in their password.

• Uppercase Character - where ticked, the user cannot save the password if it does not contain at least one uppercase alpha character.

  • Symbol Using !@#$%^&*() - where ticked, the user cannot save the password if it does not contain at least one symbol as shown in the label.

Password Reset Settings

Days Before Password Expiry

Value entered is the duration the Agency User’s password is valid for. Where this anniversary occurs, on the next login attempt the user is forced to change their password.

Enforce Password Reset

Where a user has not created their own password, if this setting is ticked, on first login, the system forces the user to change their password.

Apply to User Type(s)

Where ‘Enforce Password Reset’ has been ticked, select the User Type that this rule will apply to.

Password Reuse

Where ticked, a value is entered to determine the amount of times a user cannot repeat a previously used password. For example if the value is 4 (default) the user cannot change their password to a previously used password the next 4 occasions they change their password.

Login Settings

Disable User Name auto complete

Where ticked the browser setting (Remember Me) will be disabled for the instance on the FastTrack login page. As such the Username and or Password will not be automatically filled.

No of Login Attempts before CAPTCH

Where a number (threshold) is entered in this field, when user attempts to login, if they enter in incorrect credentials, the CAPTCHA pop up is displayed after the threshold number of incorrect attempts has been reached.

No of login Attempts before Locking

Where a number (threshold) is entered in this field, the User will be locked out of the System if they exceed the threshold. For Agency Users within the user record in Maintenance > Users, the the Password Details >’Login Blocked’ field is automatically ticked to prevent the user from further login attempts.

For Client Contact / Candidate Users, the login blocked field is also displayed within their records, and can be unlocked by an Agency User to Candidate Online Profile / Contact Online Profile.

The login blocked field will need to be manually unticked to provide the user with access to the system.

Locked Login Message

Where a User’s Login is blocked due to exceeding Number of Login Attempts, the message entered here is displayed to the User ie; Account Locked, please contact …. ‘

Activate Session Timeout

Where ticked, the system will automatically timeout when the system has been idle as defined in ‘Session Timeout Duration’ below.

Session Timeout Duration

Enter in the idle duration (minutes) where ‘Activate Session Timeout’ has been ticked.

Security Question Required

Tick to:

• Prompt the system to force a user to set a Security Question on login, where it has not already been configured.

• Where ‘Forgot Password’ on the login page is clicked, the system will only dispatch a re-set password email if there is a correctly answered Security Question.

Override Login for Timesheet Link

Where ticked, overrides login and takes the user straight to the timesheet or timesheet tab where the timesheet notification received by the user contains a Timesheet Link merge tag that is selected.

Multi Factor Authentication (MFA) Global Settings

Remember Me

Select where you wish to store that the User has successfully authenticated to MFA, and this is remembered for the assigned period of time, thereby avoiding the MFA Authentication screen for that period.

Don’t have device - security question option

Where ticked, the user will be able to select this option in the MFA login page.  User will have to answer their Security Question to access the system.

Where the country has mandated that users of particular components of the system (for example people who can access payroll data) must have MFA imposed, this option will not display in the MFA login page, as those users must use MFA.

Default Methodology

Determines the default MFA methodology assigned to new user records. Can be TOTP (default) or SMS. To use SMS as an option you must have SMS configured in your environment so authentication messages can be dispatched.

MFA Active Date

Displays the Date that MFA has been activated in your environment.

MFA Mandatory Permission Items

List

Displays a list of Countries and user types that will have MFA imposed, if the Country has requested MFA compliance where users access personal information. Click on this list item to view a pop up of the permission items that will invoke MFA. If a user has one or more of these permission items, MFA will be imposed. As this is a legislated compliance requirement, this setting is system defined and cannot be changed by an agency.

MFA Security Roles

List

If, in addition to any Country imposed compliance requirements, you wish to impose MFA on users who have particular Security Roles assigned, use this setting to create your requirements by User Type and Security Role.