- Updated On 24 Jul 2020
Under Administration > Access > Preferences, administrators can define specific restrictions that secure the way all users access the system. The following settings are available:
- Timeout Session - sets the amount of inactive time that can elapse before a user is automatically logged out.
- Password Length - sets the minimum number of characters for user passwords. The minimum password length Mambu allows is 6 characters; as a best practice we recommend at least 8. For more information about our password policy, please see Password Policy.
- Automatic Expiry of User Passwords - defines the validity time period of user passwords. When a password expires, the user will be forced to change it before accessing Mambu. (This setting does not apply to API users)
Lock User After Failed Logins
To enhance security and ensure that your users are protected, we have taken the liberty of activating the user lock feature across all environments. The number of failed login attempts can now be set between 3 and 6.
You can configure both the number of retries (failed login attempts) and the cooldown duration under Administration > Access > Preferences > Lock User After Failed Logins.
The recommended minimum values for the cooldown duration, meaning the period after which a user can try logging in again after they've reached the maximum login attempts, are as follows:
| Failed login attempts | Cooldown duration |
|---|---|
In order to make use of this functionality:
- you will need to have set up a valid email server.
- the user must have an email address associated with their account.
If the invalid login attempts come via the APIs using basic auth, the same rules defined in Administration > Access > Preferences > Lock User After Failed Logins apply.
IP Access Restrictions
This section lets an administrator define a whitelist of approved IP addresses. Devices must use one of the approved IP addresses in order to log in to Mambu. You can use the * symbol as a wildcard to customise IP restrictions. For example, you can add 146.52.178.* to allow access from all IP addresses from
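As an added illustration (not Mambu's own code), the following Python shows how a whitelist of entries in the format above can be validated and matched against a client address. It assumes that `*` always stands for a whole octet, as in the page's `146.52.178.*` example, and that anything that is not a well-formed IPv4 address is denied; the sample whitelist is constructed for the demo.

```python
import ipaddress
from typing import List, Optional


def parse_pattern(pattern: str) -> List[Optional[int]]:
    """Validate one whitelist entry such as '146.52.178.*'.

    Each of the four dot-separated fields is either '*' (any value in that
    position, represented here as None) or a literal octet 0-255.
    Assumption: '*' only ever replaces an entire octet (not part of one).
    Malformed entries raise ValueError so a typo cannot silently widen access.
    """
    parts = pattern.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets in {pattern!r}")
    parsed: List[Optional[int]] = []
    for part in parts:
        if part == "*":
            parsed.append(None)
        # Reject non-digits, values above 255 and leading zeros such as '01',
        # which some parsers read as octal and others as decimal.
        elif part.isdigit() and int(part) <= 255 and str(int(part)) == part:
            parsed.append(int(part))
        else:
            raise ValueError(f"bad octet {part!r} in {pattern!r}")
    return parsed


def ip_allowed(client_ip: str, whitelist: List[str]) -> bool:
    """Return True if client_ip matches at least one whitelist entry.

    Anything that is not a valid IPv4 address (IPv6, garbage) is denied,
    so the check fails closed rather than open.
    """
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except (ipaddress.AddressValueError, ValueError):
        return False
    octets = [int(o) for o in str(addr).split(".")]
    for pattern in whitelist:
        wanted = parse_pattern(pattern)
        if all(w is None or w == o for w, o in zip(wanted, octets)):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample whitelist: the page's example plus one fixed host.
    approved = ["146.52.178.*", "10.20.30.40"]
    for ip in ["146.52.178.9", "146.52.179.9", "10.20.30.40", "::1"]:
        print(ip, "allowed" if ip_allowed(ip, approved) else "denied")
```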
Critical Actions Re-Authentication
With this setting enabled, a logged-in user is prompted to re-enter their password for identity verification whenever changing important settings, modifying products, making transfers, and so on.