Login Configuration - Policy section
In Policy section you define user password security level in NSP. Level can be selected from three predefined settings:
1. Low - This level defines that the password must be at least 5 characters.
2. Medium - This level defines that the password must be at least 6 characters. It must include letters in mixed case, numbers and a character which is not the letter or number means special character.
3. High - This level defines that the password must be of at least 9 characters. It must include letters in mixed case and numbers, and a special character which is not a letter or number. It must be different than the previous five passwords. It expires in 90 days.
Besides the password security level, you can set duration in hours when unused password link expires, maximum login attempts and unavailability period after failed login.
4. Force two factor authentication: Mark this checkbox if you want to force Two factor authentication (2FA). In this case all users will be forced to using 2FA security system that requires an additional login credential – beyond just the username and password – to gain account access. NOTE: IF force 2FA is enabled user will not be able to disable 2FA settings in user profile.
5. Password Link Expiration: The value will specify the time in Hours after which create / reset password link will be expired, if it is unused. It contains numeric textbox to define the time in hours. You can enter the value or can use increase/decrease button to increase or decrease the value.
6. OTP code expiration: define the time interval for OTP code validity, previously the value was 120 seconds, and now it is possible for the system administrator to set how long he wants an OTP code to be valid.
7. Maximum login attempts: The value will specify a limit on the number of unsuccessful login attempts that a user can make. You can enter the value or can use increase/decrease button to increase or decrease the value.
8. Account unavailability period after last failed login: The value will specify the time in Minutes for which account will be suspend after last failed login. It contains numeric textbox to define the time in minutes. You can enter the value or can use increase/decrease button to increase or decrease the value.
9. Auto login timer - When auto login timer value is set to 0, you will be automatically redirected to "Auto login SSO". If you want to open login page without "auto login sso", you can add "?disableAutoLogin=true" in url (Self Service Portal or Agent Portal). Here is an example: https://nilexssp.nilex.se/?disableAutoLogin=true