Access Preferences
  • 24 Jul 2020
  • 2 Minutes To Read
  • Print
  • Share
  • Dark

Access Preferences

  • Print
  • Share
  • Dark


Under Administration > Access > Preferences, administrators can define specific restrictions that secure the way all users access the system. The following settings are available:

Administration/Access/Preferences screen

  • Timeout Session - sets the amount of inactive time than can elapse before a user is automatically logged out.
  • Password Length- sets the minimum number of characters for user passwords. The minimum password length Mambu allows is 6 characters; as a best practice we recommend at least 8. For more information about our password policy, please see Password Policy.
  • Automatic Expiry of User Passwords - defines the validity time period of user passwords. When a password expires, the user will be forced to change it before accessing Mambu. (This setting does not apply to API users)

Lock User After Failed Logins

To enhance security and ensure that your users are protected, we have taken the liberty of activating the user lock feature across all environments. The number of failed login attempts can now be set between 3 and 6.

Please Be Aware
Locked users can only be unlocked by an administrator.

You can configure both the number of retries (failed login attempts) and the cooldown duration under Administration > Access > Preferences > Lock User After Failed Logins.

The recommended minimum values for the cooldown duration, meaning the period after which a user can try logging in again after they've reached the maximum login attempts, are as follows:

Failed login attempts Cooldown duration
3 15 minutes
4 30 minutes
5 60 minutes
6 permanent
Please Note
When the maximum number of failed logins is reached, Mambu will automatically send an email to users to inform them that their account is locked.
In order to make use of this functionality:

If the invalid login attempts come via the APIs using basic auth, the same rules defined in Administration > Access > Preferences > Lock User After Failed Logins apply.

IP Access Restrictions

This section lets an administrator define a whitelist of approved IP addresses. Devices must use one of the approved IP addresses in order to log in to Mambu. You can use the * symbol as a wildcard to customise IP restrictions. For example, you can add 146.52.178.* to allow access from all IP addresses from to

Critical Actions Re-Authentication

With this setting enabled, a logged-in user is prompted to re-enter their password for identity verification whenever changing important settings, modifying products, making transfers, and so on.

Was This Article Helpful?