#Introduction

The platform provides comprehensive user security policies to enhance login security and protect against malicious attacks.

#Overview

The platform supports the following security policies:

• Password security management
• User account disablement
• User account locking
• User notifications
• Access control

#Configure Security Policy

#Steps

1. In the left navigation bar, click User Role Management > User Security Policy
2. Click Update in the top right corner
3. Configure the security policies as needed
4. Click Update to save changes

#Available Policies

Policy	Description
User Authentication Policy	Enables dual authentication for password-based login: - Users receive verification codes via specified notification methods - Supports various notification servers (e.g., Enterprise Communication Tool Server)
Password Security Policy	Manages password requirements: First Login: - Forces password change on first platform login Regular Updates: - Requires password change after specified period (e.g., 90 days) - Prevents login until password is updated
User Disablement Policy	Automatically disables inactive accounts: - Triggers after specified period of no login
User Locking Policy	Protects against brute force attacks: Lock Conditions: - Triggers after specified number of failed login attempts within 24 hours Lock Duration: - Account remains locked for specified minutes - Automatically unlocks after lock period expires
Notification Policy	Manages user notifications: - Sends initial password via email after user creation
Access Control	Manages user sessions and access: Session Management: - Auto-logs out inactive sessions after specified time - Limits maximum concurrent online users Browser Control: - Ends session when all product tabs are closed - Prevents multiple logins from same client :::note Important Notes: - Access Control only affects new logins after policy update - Browser tab restoration may not trigger session end - Only last login is allowed per client when preventing repeated login :::