4.7 Defining the log in settings
You can define server-wide password settings and the UPN suffix as part of the username that all users can use to log on to SwyxServer. You can use the domain name or an alias for the UPN suffix.
These settings are fixed for SwyxON and cannot be changed.
Two-factor authentication is deactivated by default, except in SwyxON.
For SwyxON the option cannot be deactivated.
For SwyxON the option cannot be deactivated.
Logging on to terminal devices and SIP registrations as well as authentication via Windows user accounts are not affected by these password settings.
Force complex user passwords
In SwyxON the guideline for complex passwords is forced by default and cannot be removed by any administrator.
This server setting can be changed for individual users, see Authentication with user name and password:
When this policy is enabled, passwords must meet the following requirements:
The passwords consists at least of eight characters.The password consists of any characters meeting at least the four following character categories:- upper-case letters such as: [A-Z]
- lower-case letters such as: [a-z]
- Numbers [0-9]
- Non-alphanumeric characters (special characters) such as: full-stops, commas, brackets, blanks, hash tags (#), question marks (?), percent signs (%), ampersands (&).
Alphabetic characters (such as: ß, ü, ä, è, ô) and non-Latin characters (such as: Ω, π, μ) are not special characters and are regarded as letters.
If the Force complex user password and password history option is enabled, the user's last three passwords will be taken into account during the change. The user cannot reuse the last three passwords.
If the Force complex user password and password history option is enabled in the server configuration and/or in the user configuration, the user can continue to use his previous password until he changes his password himself or is forced to do so by the administrator, see Authentication with user name and password
Independent of the password settings, any attempt to re-use the current password is checked by the system and not permitted.
To define the login settings
|
Label
|
Explanation
|
|---|---|
|
Force complex user passwords and password history
|
Activate the checkbox if you want users to use a complex password.
The user's last three passwords are taken into account and cannot be reused.
Existing user accounts are not affected by this policy until a user changes their password themselves or the administrator forces a password change.
|
|
Two-factor authentication
|
Activate the checkbox so that administrators must authenticate themselves via PIN to Swyx Control Center in addition to the user name and password, see also 2 Logging in and logging out.
|
|
Deactivate user after max. number of failed logins
|
Select this checkbox if you want the system to lock user accounts after a specified number of failed logins, such as entering the password incorrectly more than once.
The appropriate users will be deactivated and will not be able to use terminal devices or clients.
System administrators are not locked.
|
|
Maximum number of failed logins
|
Enter after how many failed logins a user account will be locked. The number of failed login attempts will be reset for the appropriate User after one successful login.
After resetting the SwyxServer services or after changing between master and standby server, this number is reset to zero for all Users.
The number of failed log in attempts is irrelevant, when the Administrator has established a forced password change, and the User attempts to log in with his/her previous password.
|
|
Domain (not in SwyxON and SDC)
|
Enter the SwyxServer domain. This serves as the UPN suffix for the username used to log in to SwyxWare Administration and clients.
For logging in to SwyxIt! Classic currently only the display name can be used.
In addition, the domain name is used for registration with Swyx Cloud services, see 4.5 Connection to Cloud Services.
|
|
SCC URL
|
Enter the address where the Swyx Control Center should be reachable for users. The SCC URL is used as a base to generate password reset URLs for welcome emails and password reset emails.
E.g. https://swyxware-admin.local:9443/swyxcontrolcenter/
If you use a local DNS record or a private IP address, the link will work only as long as the user is logged into your local network.
See also 9.2 Authentication for clients.
In SwyxON this setting is set automatically and cannot be changed.
|
If two-factor authentication is activated for a user, their password can only be changed by the administrator.
Other requirements for sending password reset URLs are the following settings of the SwyxServer and the SwyxWare user:
1st Configured email server, see 4.8 Defining an email server
2. Configured email address of the user, see 9.3 Creating Users
1st Configured email server, see 4.8 Defining an email server
2. Configured email address of the user, see 9.3 Creating Users
To allow users secure access to Swyx Control Center via the Internet, the SCC URL must be reachable via the public IP address of your network and protected by a TLS certificate, see help.enreach.com/cpe/latest.version/Administration/Swyx/en-US/#context/help/SCST