Understanding security options in ClearPoint
For administrators who want to add an extra layer of security for their users, the ‘Organization and Security’ menu has some great options.
1) Click on ‘Admin Options’ from under ‘System Settings’.
2) From the grid of options, select ‘Organization and Security.’ A new window will open.
3) Click on the ‘Organization Details’ tab.
4) If you don’t want anyone logging into ClearPoint at this point in time, enable ‘Lock Account.’
5) If you lock your account using the ‘Lock Account’ feature, you can adjust the ‘Locked Account Message’ to better communicate to your users why they cannot log in.
6) Click on the ‘Security’ tab.
7) ‘Password Validation Regular Expression’ controls the characters required for passwords to ClearPoint. We advise against changing this; however, if you are interested, see this Google password validation regular expression to learn how it is done.
8) ‘Password Validation Message’ is how you can communicate the password requirements to your users. This will appear on the login screen when they are creating a new password.
9) The first available checkbox under ‘Security’ says ‘Require Two-Factor Authentication.’ Enabling this feature will require that all of your users go through Two-Factor Authentication upon logging in. To learn how this works, check out this page.
10) ‘Prevent Multiple Logins’ is useful if you do not want multiple people using the same login credentials. Users will be kicked out of ClearPoint if someone attempts to log in with the same credentials.
11) It is smart to have users reset their passwords regularly. Enable ‘Expire Passwords Every 90 Days’ to force your users to reset their password upon logging in every 90 days.
12) ‘Reset All Passwords’ will require that every user in your system resets their password the next time they log in.
13) It is possible that while you are navigating around ClearPoint, you come across a red message that states: “Warning: Invalid or potentially dangerous content was filtered out of this field. Please contact firstname.lastname@example.org for more information.” This message indicates that the field’s HTML has potential for cross-site scripting, a security vulnerability that allows a user to alter the code an application delivers to a user, which is then executed in that user’s web browser. We implemented a tool that searches for this vulnerable HTML and auto-cleans it, with the default option being to ‘Warn and Auto-Clean Invalid Content.’ However, there are other options available for managing this HTML, which can be defined here. For more information about this, feel free to read this article that explains how we approached preventing cross-site scripting.
14) Once all of your settings have been configured, hit ‘Save’.
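
If you do change the ‘Password Validation Regular Expression’ from step 7, test the candidate against passwords it must accept and must reject before saving. The following is an added example, not ClearPoint's code or its default expression: the two patterns, the sample passwords and the helper names `auditPattern` and `isAnchored` are constructed for illustration, and it assumes JavaScript regular-expression syntax.

```javascript
// Added example: check a candidate password-validation regex before saving it.
// Patterns and sample passwords are constructed; they are not ClearPoint's defaults.

// Weak candidate: unanchored, so it only has to match a fragment of the password.
const weakPattern = /[A-Z].*[0-9]/;

// Stricter candidate: anchored, one lookahead per required character class,
// and a minimum length of 12 characters.
const strictPattern = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^A-Za-z0-9]).{12,}$/;

// Constructed samples the intended policy must accept and must reject.
const mustAccept = ["Quarterly-Report7!", "blue Kettle 42 #go"];
const mustReject = [
  "A1",                // far too short
  "alllowercase123!",  // no upper-case letter
  "NoDigitsHere!!!!",  // no digit
  "NoSymbolHere1234",  // no symbol
  "Short1!a",          // all classes present, but under 12 characters
];

// Returns the samples a pattern gets wrong; two empty lists mean it fits the policy.
function auditPattern(pattern, accept, reject) {
  // Rebuild without g/y flags so test() carries no lastIndex state between calls.
  const re = new RegExp(pattern.source, pattern.flags.replace(/[gy]/g, ""));
  return {
    wronglyRejected: accept.filter((pw) => !re.test(pw)),
    wronglyAccepted: reject.filter((pw) => re.test(pw)),
  };
}

// Simple heuristic: true when the pattern is written to match the whole password.
function isAnchored(pattern) {
  return pattern.source.startsWith("^") && pattern.source.endsWith("$");
}

const weakResult = auditPattern(weakPattern, mustAccept, mustReject);
const strictResult = auditPattern(strictPattern, mustAccept, mustReject);
console.log("weak anchored:", isAnchored(weakPattern), weakResult);
console.log("strict anchored:", isAnchored(strictPattern), strictResult);
```

Keep the ‘Password Validation Message’ from step 8 in line with whatever the saved expression actually enforces, so users see the real requirements.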