Site Resource Settings

Configure settings for resources on the platform such as alerts, apps, APIs, connections, comments, discussions, groups, tickets, users, reviews, and business security.

Note: this section contains information about the configuration settings defined within the Akana API Platform, which apply to the entire developer portal.

For information about the configuration settings defined in the Akana Administration Console, which apply only to the specific container, refer to Admin Console Settings.

Table of Contents

  1. Where do I configure settings for the platform?
  2. How do I configure settings for alerts?
  3. How do I configure settings for APIs?
  4. How do I configure settings for apps?
  5. How do I configure App OAuth Profile Authorization settings?
  6. How do I configure settings for comments?
  7. How do I configure settings for app/API connections?
  8. How do I configure settings for discussions?
  9. How do I configure settings for groups?
  10. How do I configure settings for login policy?
  11. How do I configure settings for password policy?
  12. How do I configure settings for reviews?
  13. How do I configure settings for business security?
  14. How do I configure settings for tickets?
  15. How do I configure settings for users?
  16. How do I configure settings for two-factor authentication of users (2FA)?
  17. Related Topics

Where do I configure settings for the platform?

You can configure many basic settings that control various aspects of the platform and how it operates.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

You can control settings for the following resources:

For site settings, see Site Settings.

Back to top

How do I configure settings for alerts?

You can configure alert settings to determine which features will be available for alerts on the platform.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

This setting... Controls this feature...
Alert Comment Workflow Definition The workflow definition that will apply to new comments on alerts on the platform (existing comments are not affected).
Markdown Support

Indicates whether Markdown is supported for alerts. Markdown support includes linking and file upload. If disabled, alerts are plain text.

For more information about Markdown support, see How do I enable Markdown for Forum items?

External Link Support Indicates whether external links are supported in Markdown for alerts.
To configure alert settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Alerts.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for APIs?

You can configure API settings to determine which features will be available for all APIs on the platform. If a feature is disabled in the API settings page it will not be present in the user interface.

Unless otherwise noted, settings are either enabled or disabled.

You can configure the API settings shown in the tables below:

  • General API Settings
  • Public API Settings
  • Private API Settings

Note: When you change a setting, it might take up to five minutes for the change to take effect.

General API Settings:
This setting... Controls this feature...
Add a new API Determines whether users can create an API that isn't already set up as a service in the API Gateway. Choose this option if users won't need to take advantage of the advanced capabilities offered by the API Gateway. (Default: enabled)
Publish an existing service as an API Determines whether users can create an API by referencing a service already defined in the API Gateway. Choose this option if users might want to use the flexible service definition model offered by the API Gateway. (Default: disabled)
API Scope Groups Determines whether scope groups (API Scope Groups) can be created (groups created in the context of a specific API, that are related only to that API). If this option is enabled, the API Admin can create groups via the API > Visibility > Groups page.
API Promotion Applicable only if the Lifecycle Manager Integration feature is enabled (see How do I configure site settings?): Determines whether API Admins can promote APIs between environments. If the API Promotion setting is disabled, the API Admin sees the API's topology chain, but there is no Promote button to promote the API to the next environment in the chain. For more information on API promotion, see Using Custom Metadata on the Developer Portal (for Site Admins) and Promoting an API to the Next Environment (for information on how the feature works for API Admins).
API Workflow Definition The workflow definition that will apply to all new APIs on the platform (existing APIs are not affected).
Public API Settings:
This setting... Controls this feature...
Supported Determines whether public APIs are supported on the platform. Public APIs are visible to all users, including anonymous users. If this setting is disabled, only private APIs are allowed.
Ratings Determines whether users can rate public APIs. If disabled, the ratings feature does not appear in the user interface.
Sandbox Endpoint Determines whether public APIs will have the option of having a Sandbox endpoint.
Reviews Determines whether users can write and share reviews of public APIs. If disabled, the reviews feature does not appear in the user interface.
Sandbox Auto Approval Determines whether public APIs with a Sandbox endpoint will allow access to it automatically upon request, or will explicitly approve or deny each request.
Scopes Determines whether the Admin will have the option to define scopes (part of the Licenses feature). If implemented, individual API operations can be assigned to different scopes for packaging into different licenses.
Live Endpoint Determines whether public APIs will have the option of having a Live endpoint.
Live Auto Approval Determines whether public APIs with a Live endpoint will allow access to it automatically upon request, or will explicitly approve or deny each request.
Private API Settings:
This setting... Controls this feature...
Supported Determines whether private APIs are supported on the platform. Private APIs are visible only to invited users. If this setting is disabled, only public APIs are allowed.
Sandbox Endpoint Determines whether private APIs will have the option of having a sandbox endpoint.
Sandbox Auto Approval Determines whether private APIs with a sandbox endpoint will allow sandbox access automatically upon request, or will explicitly approve or deny each request.
Live Endpoint Determines whether private APIs will have the option of having a Live endpoint.
Live Auto Approval Determines whether private APIs with a Live endpoint will allow access to it automatically upon request, or will explicitly approve or deny each request.
Independent Group Determines whether private APIs will have the option of having API Context Groups associated with them.
Ratings Determines whether users can rate private APIs. If disabled, the ratings feature does not appear in the user interface.
Reviews Determines whether users can write and share reviews of private APIs. If disabled, the reviews feature does not appear in the user interface.
Scopes Determines whether the Admin will have the option to define scopes (part of the Licenses feature). If implemented, API operations can be assigned to different scopes for packaging into different licenses.
To configure API settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > APIs.
  3. Change the settings as needed. For explanations of your choices, refer to the tables above.
  4. When done, click Save.

Back to top

How do I configure settings for apps?

You can configure app settings to determine which features will be available for all apps on the platform. If a feature is disabled in the app settings page it will not be present in the user interface.

Unless otherwise noted, settings are either enabled or disabled.

Available app configuration settings are shows in the tables below:

  • General App Settings
  • Public App Settings
  • Private App Settings

Note: When you change a setting, it might take up to five minutes for the change to take effect.

General App Settings:
This setting... Controls this feature...
User-Defined Identity

Determines whether users can define their own unique App ID for the app. If this field is enabled, two additional fields appear on the Add/Edit App Info page, so users can define their own values for the following:

  • App ID
  • Shared Secret
App Workflow Definition

The workflow definition that will apply to all new apps on the platform (existing apps are not affected).

There is no default app workflow. One out-of-the-box workflow is available:

  • appversion-workflow-template1
Simultaneous Access to Sandbox and Live If enabled, grants access to both environments in one request.
App Team Membership Workflow Definition

The workflow definition that will apply to all new app team members on the platform (existing app team members are not affected).

Shared Secret Display

Determines how an app’s Shared Secret is displayed when viewed on the App Details page; either in plain text or encrypted.

Note: If you change this setting when there are existing apps on the platform, it is effective immediately for all apps. If you make a change, make sure app developers are notified.

Public App Settings:
This setting... Controls this feature...
Supported Determines whether public apps will be supported on the platform. Public apps are visible to all users, including anonymous users. If disabled, only private apps are allowed.
Ratings Determines whether users will be able to rate public apps. If disabled, the ratings feature does not appear in the user interface.
Reviews Determines whether users will be able to write and share reviews of public apps. If disabled, the reviews feature does not appear in the user interface.
Private App Settings:
This setting... Controls this feature...
Supported Determines whether private apps will be supported on the platform. Private apps are visible only to invited users. If disabled, only public apps are allowed.
Ratings Determines whether users will be able to rate private apps. If disabled, the ratings feature does not appear in the user interface.
Reviews Determines whether users will be able to write and share reviews of private apps. If disabled, the reviews feature does not appear in the user interface.
To configure app settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Apps.
  3. Change the settings as needed. For explanations of your choices, refer to the tables above.
  4. When done, click Save.

Back to top

How do I configure App OAuth Profile Authorization settings?

As part of app setup, app developers can specify which settings they want to use when connecting to an API using OAuth. These settings are configured from the App Details page: App Details > OAuth Profile.

There are five sets of settings on this page:

  • Branding Settings
  • Access Token Settings
  • Authentication Settings
  • ID Token Settings
  • Authorization Settings (Site Admin or specially authorized app developers only)

The last set, Authorization Settings, are normally not visible to the app developer. In most cases, these settings can only be configured by the Site Admin. However, the Site Admin can implement a custom workflow that allows app developers to modify these settings. If the custom workflow is in place, app developers will see the settings.

Note: These settings give the app developer significant responsibility. In most cases, app developers should not be able to configure these settings for their apps. Only implement the custom workflow that allows app developers to modify these settings if you are absolutely sure they fully understand the meaning of the various settings and will use them appropriately.

For information about the first four setting categories, available to all app developers, refer to What are the settings available on the App OAuth Profile page? (app developer help).

Information about the additional Authorization settings, normally available only to a Site Admin, is given in the table below.

Authorization Settings:
Setting Explanation / possible values
Allowed Grant Types By default, all valid grant types are allowed (Global Setting). To restrict the OAuth grant types allowed, click and then specify which grant types are allowed for this app.
OpenID Connect Supported If the application supports OpenID Connect for OAuth, check this box.
Grant Expiration By default, the global setting is applied. This means that the OAuth grant expiration time is derived based on the OAuth Provider configuration. If there is a reason that this application needs a shorter or longer grant expiration time, click the button and specify the number of hours until the grant expires.
Access Token Expiration By default, the global setting is applied. This means that the OAuth access token expiration time is derived based on the OAuth Provider configuration. If there is a reason that this application needs a shorter or longer access token expiration time, click the button and specify the number of seconds until the grant expires.
Bypass Authorization If OAuth authentication for this application should bypass the authorization page, check this box. For example, this might be appropriate for an internal application.
To configure app OAuth profile settings:
  1. Log in to the developer portal.
  2. Go to the App Details page for the app, and click OAuth Profile.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

For information about how to implement custom workflow to enable these settings for app developers on the OAuth Profile page, refer to Customizing Workflows.

Back to top

How do I configure settings for comments?

You can configure settings to determine which features will be available for all comments on the platform.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

This setting... Controls this feature...
Publishing of Comments Indicates whether comments are published automatically or must be approved by a moderator (Admin).
Markdown Support

Indicates whether Markdown is supported for comments. Markdown support includes linking and file upload. If disabled, comments are plain text.

For more information about Markdown support, see How do I enable Markdown for Forum items?

External Link Support Indicates whether external links are supported in Markdown for comments.
To configure comment settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Comments.
  3. Change the setting as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for app/API connections?

You can configure connection settings to determine which features will be available for app/API connections on the platform. If a feature is disabled in the connection settings page it will not be present in the user interface.

Unless otherwise noted, settings are either enabled or disabled.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

General App/API Connection Settings
This setting... Controls this feature...
Sandbox Contract Workflow Definition The workflow definition that will apply to all new sandbox contracts on the platform (existing contracts are not affected).
Live Contract Workflow Definition The workflow definition that will apply to all new Live contracts on the platform (existing contracts are not affected).
Sandbox Contract Comment Workflow Definition The workflow definition that will apply to new comments on sandbox contracts on the platform (existing comments are not affected).
Live Contract Comment Workflow Definition The workflow definition that will apply to new comments on Live contracts on the platform (existing comments are not affected).
To configure app/API connection settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Connections.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for discussions?

You can configure settings to determine which features will be available for discussions on the platform.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

Discussion Settings
This setting... Controls this feature...
Discussion Workflow Definition The workflow definition that will apply to all new discussions on the platform. Existing discussions are not affected.
Discussion Comment Workflow Definition The workflow definition that will apply to all new discussion comments on the platform. Existing discussion comments are not affected.
Publishing of Discussions Indicates whether discussions are published automatically or must be approved by a moderator (Admin).
Markdown Support

Indicates whether Markdown is supported for discussions. Markdown support includes linking and file upload. If disabled, discussions are plain text.

For more information about Markdown support, see How do I enable Markdown for Forum items?

External Link Support Indicates whether external links are supported in Markdown for discussions.
To configure discussion settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Discussions.
  3. Change the settings as needed. For the workflow definition, you can:
    • Choose the out-of-the box workflow, workflow:definition:discussion.
    • Choose a custom workflow, if a Site Admin or Business Admin uploaded a custom workflow for discussions.
    • Revert to the default, no workflow for discussions, if a workflow was previously assigned.
  4. When done, click Save.

Back to top

How do I configure settings for groups?

You can configure group settings to determine which features will be available for all groups on the platform. If a feature is disabled in the group settings page it will not be present in the user interface.

Unless otherwise noted, settings are either enabled or disabled.

Available group configuration settings are shows in the tables below:

  • General Group Settings
  • Public Group Settings
  • Private Group Settings

Note: When you change a setting, it might take up to five minutes for the change to take effect.

General Group Settings
This setting... Controls this feature...
Group Support Determines whether groups are supported on the platform. If this setting is disabled, nothing about groups appears in the platform and no other options relating to groups are available.
Group Membership Workflow Definition The workflow definition that will apply to all new groups on the platform (existing groups are not affected).
Group Membership Comment Workflow Definition The workflow definition that will apply to all new comments on groups on the platform (existing comments are not affected).
Public Group Settings:
This setting... Controls this feature...
Supported

Determines whether public groups are supported on the platform. Public groups are visible to all users, including anonymous users. If this setting is disabled, only private groups are allowed. Valid values:

  • Enabled for Admins
  • Enabled
  • Disabled
Ratings Determines whether users can rate public groups. If disabled, the ratings feature does not appear in the user interface.
Reviews Determines whether users can write and share reviews of public groups. If disabled, the reviews feature does not appear in the user interface.
Private Group Settings:
This setting... Controls this feature...
Supported Determines whether private groups will be supported on the platform. Private groups are visible only to invited users. If this setting is disabled, only public groups are allowed. Valid values:
  • Enabled for Admins
  • Enabled
  • Disabled
Ratings Determines whether users can rate private groups. If disabled, the ratings feature does not appear in the user interface.
Reviews Determines whether users can write and share reviews of private groups. If disabled, the reviews feature does not appear in the user interface.
To configure group settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Groups.
  3. Change the settings as needed. For explanations of your choices, refer to the tables above.
  4. When done, click Save.

Back to top

How do I configure settings for login policy?

You can configure login policy settings to control the login rules for local users logging in to the platform and for the developer portal session configuration.

A value of 0 (zero) in one of these fields indicates that there is no value specified, with the exception of Active Login Session Timeout (see below).

Note: When you change a setting, it might take up to five minutes for the change to take effect.

User Settings
This setting... Controls this feature...
Maximum Number of Consecutive Failed Attempts The maximum number of consecutive failed login attempts before the user's account is disabled.
Time Period for Max Failed Attempts The period of time, in minutes, over which the number of failed login attempts is calculated.
Suspension Time (Minutes) The period of time, in minutes, for which the user's account is locked after failed login attempts.
Inactive Login Session Timeout (Minutes) The period of time, in minutes, after which the user is automatically logged out of the developer portal user interface (any theme) if the session is inactive.
Active Login Session Timeout (Minutes) The period of time, in minutes, after which the user is automatically logged out of the developer portal user interface (any theme) even if the session is active. Users are prompted shortly before the timeout, so that they can save their work before the forced timeout. For this field, if the value is set to 0, the active session timeout is set to 30 minutes (the default).
Support Persistent Sessions A security setting. Default: enabled, which means that the session cookie persists if the browser is closed, until it expires. If this setting is disabled, for added security, the cookie expires if the browser is closed. Exact behavior might vary according to the user's browser version and preferences. For more information, see How can I set up the developer portal so that the cookies are not persistent?
To configure login policy settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Login Policy.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for password policy?

You can configure settings to control password policy for local users logging in to the platform.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

User Settings
This setting... Controls this feature...
Minimum Password Length The minimum number of characters allowed in a password.
Maximum Password Length The maximum number of characters allowed in a password.
Minimum Letter Count The minimum number of letters required in a password.
Minimum Number Count The minimum number of whole numbers required in a password.
Minimum Uppercase Letters The minimum number of uppercase letters required in a password.
Minimum Special Characters The minimum number of special characters required in a password. If no value is specified, all characters are allowed.
Special Characters Allowed The special characters allowed in the password. If a value is provided for MinSpecialCharCount, at least one allowed special character must be defined.
Number of Previous Passwords Checked for Match Indicates the number of previous passwords that the new password is checked against, and rejected if there is a match.
Force Password Change Period (Days) Indicates the time interval, in days, before a user is prompted to change the password. If set to 0 (zero), password changing is not enforced.
Can Password Contain Spaces? Indicates whether a password can include spaces.
Is Password Case-Sensitive? Indicates whether a password is case sensitive.
Can Password Match Username? Indicates whether the password and the username can be the same.
Can Password Match Email? Indicates whether the password and the email address can be the same.
To configure password policy settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Password Policy.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for reviews?

You can configure settings to determine which features will be available for reviews on the platform.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

Review Settings
This setting... Controls this feature...
Review Workflow Definition The workflow definition that will apply to all new reviews on the platform. Existing reviews are not affected.
Publishing of Reviews Indicates whether reviews are published automatically or must be approved by a moderator (Admin).
Markdown Support

Indicates whether Markdown is supported for reviews. Markdown support includes linking and file upload. If disabled, reviews are plain text.

For more information about Markdown support, see How do I enable Markdown for Forum items?

External Link Support Indicates whether external links are supported in Markdown for reviews.
To configure review settings:
  1. Go to Administration > Settings > Reviews.
  2. Change the settings as needed. For the workflow definition, you can:
    • Choose the out-of-the box workflow, workflow:definition:review.
    • Choose a custom workflow, if a Site Admin or Business Admin uploaded a custom workflow for reviews.
    • Revert to the default, no workflow for reviews, if a workflow was previously assigned.
  3. When done, click Save.

Back to top

How do I configure settings for business security?

You can configure settings to control the level of security associated with platform elements, and to control certain elements relating to security that affect platform users.

You can use the default out-of-the-box user workflow in combination with user settings and business security settings relating to users, to control user experience on the platform and if needed to restrict what users can do. If you need more flexibility, you can design your own custom workflow.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

Business Security Settings
This setting... Controls this feature...
CSRF Support for Read Requests

If enabled, a CSRF token must be sent with the request for all Read requests that require login. The CSRF token is sent on login; including it in requests helps prevent malicious CSRF attacks.

Default: Disabled.

Note: If this setting is disabled, and you enable it, you and any other users already logged in when the setting change takes effect (up to five minutes) will need to refresh, or log out and log back in again.

Encrypt Challenge Answers If enabled, the user's answers to security challenge questions are encrypted in the database.
CSRF Support for Write Requests

If enabled, a CSRF token must be sent with all Write requests. The CSRF token is sent on login; including it in requests helps prevent malicious CSRF attacks.

Note: If this setting is disabled, and you enable it, you and any other users already logged in when the setting change takes effect (up to five minutes) will need to refresh, or log out and log back in again.

Challenge Count

Determines how many security challenge questions a single user must answer. Cannot exceed the total number of questions defined.

Note: If you want to require security challenge questions but no challenge count is available, you must first set up the questions. See How do I configure security challenge questions?

Allow User Enum If disabled, additional security is in effect for new account setup and password reset scenarios, to help prevent user enumeration. For more information, refer to How can I protect from vulnerability in Signup and Forgot Password scenarios?
Allow users to modify their own profiles If enabled, a user can modify the profile information, including the email address if it is associated with a local account.
To configure business security settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Security.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for tickets?

You can configure ticket settings to determine which features will be available for tickets on the platform. If a feature is disabled in the ticket settings page it will not be present in the user interface.

Unless otherwise noted, settings are either enabled or disabled.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

General Ticket Settings
This setting... Controls this feature...
Ticket Support Determines whether tickets are supported on the platform. If this setting is disabled, nothing about tickets appears in the platform and no other options relating to tickets are available.
Ticket Workflow Definition The workflow definition that will apply to all new tickets on the platform (existing tickets are not affected).
Ticket Comment Workflow Definition The workflow definition that will apply to new comments on tickets on the platform (existing comments are not affected).
Visibility

Determines who can see the ticket. Valid choices:

  • Public: Visible to anyone who has visibility of the associated API.
  • Private: Visible only to the submitter, API Admins, and app team members only if the ticket was submitted in the context of a specific API.
Markdown Support

Indicates whether Markdown is supported for tickets. Markdown support includes linking and file upload. If disabled, tickets are plain text.

For more information about Markdown support, see How do I enable Markdown for Forum items?

External Link Support Indicates whether external links are supported in Markdown for tickets.
To configure ticket settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Tickets.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for users?

You can configure user settings to determine which features will be available for users on the platform. If a feature is disabled in the user settings page it will not be present in the user interface.

Unless otherwise noted, settings are either enabled or disabled.

Note: When you change a setting, it might take up to five minutes for the change to take effect.

User Settings
This setting... Controls this feature...
User Workflow Definition The workflow definition that will apply to all new users on the platform. Existing users are also added to the workflow when they log in if the Upgrade CM Models action is invoked as part of upgrade.
News Update Notification If enabled, news update notifications can be sent to all users, as long as the users have not opted out by clearing the Email me news updates check box on the user profile page. For more information, see How do I enable or disable email notifications?
Validity Period For New User Invitation (in days) The period, in days, for which an invitation extended from a Site Admin to a new user is valid. After this point the invitation expires. If a validity period is set, the maximum is 30 days. If this field is left at 0, new user invitations from the Site Admin do not expire.
Enforce Challenge Questions on Login If enabled, users must provider answers to security challenge questions when logging in to the platform for the first time.
Validity Period for Password Reset Code (in hours)

The period, in hours, for which a password reset code is valid.

Default: 48 hours.

User Self-Signup

Determines whether the platform signup page is generally available for users to sign themselves up.

Default: Enabled.

Validity Period for Signup Code (in days)

The period, in days, for which a signup code is valid. The signup code is issued in the email confirmation for self-signup registration.

Default: 7 days.

Invite Unregistered Users

Determines whether unregistered users can be invited to sign up to the platform or to join platform groups.

By default, all users can be invited; unregistered users are invited to sign up and then invite the group membership invitation. If this option is disabled, an unregistered user cannot be invited to sign up to the platform or to join a platform group.

Note: If this option is disabled, the option to invite new users is removed from the Plus menu.

Default: Enabled.

Validity Period for Invitation Code (in days)

The period, in days, for which an invitation code is valid. The invitation code is issued in an email when a group/team member invites a non-platform user to join the group/team.

After this point the invitation expires. If a validity period is set, the maximum is 30 days. If this field is left at 0, new user invitations from a team member do not expire.

Default: 7 days.

To configure user settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > Users.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top

How do I configure settings for two-factor authentication of users (2FA)?

You can configure user settings to determine whether two-factor authentication is in use in the platform, and if so, to specify values that guide the authentication process.

For information about how to implement 2FA, see How do I implement two-factor authentication for platform users?

2FA Settings
This setting... Controls this feature...
Require Two-Factor Authentication for Login Indicates whether a verification code will be required as part of the login process, in addition to user credentials such as username/password.
Validity Period for Authentication Code (in seconds) The period, in seconds, for which a verification code will be valid for login.
Maximum Attempts The maximum number of login attempts a user can make with one verification code. After that point, the user will have to request a new code.
Authentication Code Frequency Requirements The rules determining how often and under what circumstances the current two-factor authentication expires and the user must authenticate again. If login is per device or for a specified time period, specify the name of the cookie set by the two-factor authentication. For time period, specify the time in minutes. Valid values:
  • For each login (no extra values needed)
  • Once per device: specify the name of the cookie that will be used during 2FA login
  • After a specific time period: specify the name of the cookie that will be used during 2FA login and also the number of minutes before the verification code expires.
Cookie Name The name of the cookie that will be used during 2FA login.
Interval (in minutes) The number of minutes before the verification code expires.
To configure user 2FA settings:
  1. Log in as the Site Admin.
  2. Go to Administration > Settings > User 2FA.
  3. Change the settings as needed. For explanations of your choices, refer to the table above.
  4. When done, click Save.

Back to top