
Security Options

The Security Options section in the General Manager enables you to configure WebEOC in a manner that matches your organization’s security guidelines.


In addition to the security features outlined in this section, it is strongly recommended that you implement Secure Sockets Layer (SSL). SSL ensures that data is encrypted during transfer. See your system administrator or hosting provider to set up this feature.

You should also consider enabling Windows® authentication; this allows you to identify and validate the identity of users accessing WebEOC. See your system administrator or hosting provider to set up this feature.

Allow Self-registration

The Self-registration feature enables users to self-register and set up their own user accounts in WebEOC. When you activate this feature, the "New User? Click here to create an account" link appears in the WebEOC Login window.


Note: If you enable the self-registration feature, you must provide your users with a position name and a position access code (PAC). PACs are configured in the Positions Manager.

Allow Password Reset

When "Allow Password Reset?" is selected, the "Forgot Username/Password?" link is enabled. A user who has forgotten their username can use this link to have it emailed to them; a user who has forgotten their password can use it to receive a link for changing the password.


Allow Users to Edit Their Accounts

Administrators can allow WebEOC users to edit and maintain their own user accounts.

If this feature is not enabled, the account name appears as static information on the information bar and all changes to user accounts must be performed by a system administrator. When enabled, the user account name appears as a link in the information bar.


Clicking the link opens the User Account edit window. Users can update their own account information, such as their password and email address, which eases the burden on administrators. Users can also add data to the Additional Information section. However, this feature does not allow users to change their assigned permissions or access privileges.


Additional Security Settings

The following table lists and describes security options that you can set, as appropriate, for your organization.

Option

Description

Enforce Strong Passwords

If enabled, user passwords must meet the requirements for a strong password: each password must contain at least one uppercase letter, at least one lowercase letter, and at least one number.

It is recommended to enable this feature.

Password Age

Sets the number of days a password is valid before it expires. When the number of days is exceeded, the user is required to change their password at their next login attempt. When set to zero (0), passwords do not expire.
The recommended password age setting is 180 days.

Minimum Password Length

Requires a specified character length for user passwords. Setting the character length to zero (0) removes the character count requirement.
The recommended minimum password length is 8 characters.

Enforce Password History

Determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. If enabled, user passwords cannot be reused for the specified number of times configured in the Password History field.

Password History

If the Enforce Password History setting is enabled, this sets the number of unique passwords a user must exhaust before they are allowed to repeat a particular password.
For example, if Password History is set to 3, the first password may not be reused until three unique passwords have been used.

Account Lockout Threshold

Sets the number of failed login attempts allowed before an account is locked. Setting the threshold to zero (0) allows an unlimited number of login attempts.
As the administrator, you can log in to WebEOC to manually unlock a user account.
The recommended threshold setting is 3.

Note: The built-in WebEOC administrator account cannot be locked regardless of the threshold value.

Account Lockout Duration

After the Account Lockout Threshold is exceeded and the account is locked, this option sets the amount of time that must elapse before the system processes another login attempt.
Setting the duration to zero (0) minutes locks the account until it is manually unlocked by an administrator.
The recommended lockout duration is 30 minutes.

Inactivity Lockout Threshold

Sets the number of days an account can be inactive before it is locked. If a user exceeds the inactive time period, the user cannot log in. If left blank or set to zero (0), the user account remains active until the administrator manually disables or deletes the account.

Enforce Maximum File Storage Size

Ensures the total disk space allotted for data files uploaded into the WebEOC database is limited to a specific number of megabytes; this includes files and attachments added through the File Library, MapTac, Messages, and status boards.

It is recommended to enable this feature.

Max File Storage Capacity

If Enforce Maximum File Storage Size is enabled, set the maximum storage disk space, in megabytes, that can be used to store uploaded files in the WebEOC database.

The recommended maximum storage capacity setting is 500 megabytes.
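
The zero values in the table do not all point the same way: zero disables Password Age, Minimum Password Length and Account Lockout Threshold, but zero for Account Lockout Duration is the strictest setting. The following added example (not part of WebEOC or of the original guide) audits a settings snapshot against the recommendations above with that asymmetry handled; the key names and the sample snapshot are assumptions made for illustration.

```python
# Added example. Key names are hypothetical labels for the options in the
# table above, not identifiers taken from WebEOC.
RECOMMENDED = {
    "password_age_days": 180,
    "min_password_length": 8,
    "lockout_threshold": 3,
    "lockout_duration_minutes": 30,
    "max_file_storage_mb": 500,
}

def audit(settings):
    """Return (setting, problem) pairs where a value is weaker than recommended."""
    findings = []
    for key in ("enforce_strong_passwords", "enforce_max_file_storage"):
        if not settings.get(key):
            findings.append((key, "disabled; enabling is recommended"))

    # For these options zero switches the control off; otherwise compare
    # against the recommended value in the direction that weakens it.
    checks = [
        ("password_age_days", "passwords never expire", lambda v, r: v > r),
        ("min_password_length", "no length requirement", lambda v, r: v < r),
        ("lockout_threshold", "unlimited login attempts", lambda v, r: v > r),
    ]
    for key, zero_meaning, weaker in checks:
        value, rec = settings.get(key, 0), RECOMMENDED[key]
        if value == 0:
            findings.append((key, f"0 means {zero_meaning}"))
        elif weaker(value, rec):
            findings.append((key, f"{value} is weaker than the recommended {rec}"))

    # Lockout duration is the exception: zero keeps the account locked until
    # an administrator unlocks it, so only a short non-zero duration is flagged.
    duration, rec = settings.get("lockout_duration_minutes", 0), RECOMMENDED["lockout_duration_minutes"]
    if 0 < duration < rec:
        findings.append(("lockout_duration_minutes", f"{duration} min is below the recommended {rec}"))

    cap, rec = settings.get("max_file_storage_mb", 0), RECOMMENDED["max_file_storage_mb"]
    if settings.get("enforce_max_file_storage") and cap > rec:
        findings.append(("max_file_storage_mb", f"{cap} MB exceeds the recommended {rec}"))
    return findings

# Constructed sample snapshot, not output from a real system.
SAMPLE = {
    "enforce_strong_passwords": True, "password_age_days": 0,
    "min_password_length": 6, "lockout_threshold": 5,
    "lockout_duration_minutes": 0, "enforce_max_file_storage": False,
}

if __name__ == "__main__":
    for key, problem in audit(SAMPLE):
        print(f"{key}: {problem}")
```

Only options for which the table states a recommendation are checked; Password History and Inactivity Lockout Threshold are left to local policy.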
