Configure Sign-On Settings

Overview

Select Configure Sign-On Settings on the Manage Users screen.

Configure the company's sign-on settings, which control the security of user log-ins and sessions.

Authentication and Timeout

  • Authentication Method – Indicates which sign-on method the company currently uses.
    • Use TraceLink security to authenticate users – (default) The user sets the expiration time, as well as all TraceLink login and password settings. When selected, the Login and Password Settings section displays below.
    • Use your company's single sign-on capability to authenticate users – The user sets the expiration time and then adds the Single Sign-On setting certificate and related authentication elements. When selected, the Single Sign-On Settings section displays below.
  • Expire User Session After – The amount of time (in minutes) that the user's login session lasts for after the last action the user takes.

    Range allowed: 1 to 480 minutes. Defaults to 30 minutes.

Login and Password

This section displays only if the Authentication Method above is Use TraceLink security to authenticate users.

  • Failed Login Attempts – Indicates the number of login attempts a user can have before the TraceLink Network locks the account.
    • Lock after 5 failed consecutive login attempts – (default) Users are allowed 5 failed login attempts before being locked out, after which they must contact their Administrator to reset their password.
    • Lock account after [n] failed consecutive login attempts – Users can only have the number of the failed login attempts entered in the text field before the TraceLink Network locks the account. Values of 1 through 15 allowed.

      Defaults to 5 attempts. Values of 1 to 15 allowed.

      • Unlock account after [n] minutes – When the TraceLink Network locks an account, the account unlocks after the number of minutes entered in the text field.

        Defaults to 15 minutes.

        If the account is not unlocked or the issue continues, contact TraceLink support.

  • Password Expiration – Indicates when passwords expire.
    • Passwords never expire – Passwords do not expire.
    • Passwords expire after [n] days – (default) Passwords expire after the number of days entered in the text field.

      Defaults to 90 days.

      • Alert user [n] days before password expires – Users receive an alert message in the TraceLink Network on the first screen after login before their password expires, according to the number of days entered in the text field.

        Defaults to 14 days.

  • Password Reuse – Indicates whether users can reuse previous passwords.
    • Users can reuse all previous passwords – When passwords expire, users can reuse any previous passwords.
    • Users cannot reuse any of their previous [n] passwords – (default) When passwords expire, users cannot use their previous passwords, up to the number entered in the text field.

      Defaults to 10 previous passwords.

Single Sign-On

This section only displays if the Authentication Method above is Use your company's single sign-on capability to authenticate users.

  • Single Sign-On Certificate – The text of the company's entire single sign-on certificate.

    Include the first line (e.g. ------ BEGIN ------) and the last line (e.g. ------ END ------).

  • Authentication End Point – The TraceLink path where the TraceLink Network sends the users' authentication requests after login.

    This path needs to be set both here and in the company's single sign-on software. Use the format "saml/sso/[comany_name]". The [company_name] must be the company's name on the TraceLink Network.

  • Authentication Server Redirect URL – Where the TraceLink Network should send users that try to access TraceLink without a valid session (i.e. the company's single sign-on URL).
  • Redirect URL Parameter Name – The name of the parameter that the redirect URL includes, which informs the authentication server where to send the users after the single sign-on software authenticates the login (e.g. returnurl, redirecturl).

Available Actions

  1. Select the Authentication Method from the radio buttons.
  2. Enter the Expire User Session After in the text field.
  3. If the Authentication Method is Use TraceLink security to authenticate users:
    1. Select the Failed Login Attempts from the radio buttons.
      • If Lock after [n] failed consecutive login attempts is selected:
        1. Enter the number of login attempts allowed in the text field.
        2. Select or deselect the Unlock account after [n] minutes checkbox. Enter the number of minutes in the text field if selected.
    2. Select the Password Expiration from the radio buttons.
      • If Passwords expire after [n] days is selected:
        1. Enter the number of days in the text field.
        2. Select or deselect the Alert user [n] days before password expires checkbox. Enter the number of days in the text field if selected.
    3. Select the Password Reuse from the radio buttons.
      • If Users cannot reuse any of their previous [n] passwords is selected, enter the number of passwords in the text field.
  4. If the Authentication Method is Use your company's single sign-on capability to authenticate users:
    1. Enter the entire Single Sign-On Certificate in the text field.
    2. Enter the Authentication End Point in the text field.
    3. Enter the Authentication Server Redirect URL in the text field.
    4. Enter the Redirect URL Parameter Name in the text field.
  5. Select Update Settings.

    The Update Sign-On Settings? dialog box displays.

  6. Select Confirm.

    The dialog box closes, the Manage Users screen displays, and TraceLink saves the updated sign-on settings.