You can customize your system configuration as required. You carry out this part of the configuration in ARIS Administration.
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
Lock users after failed login attempts
Specifies whether a user login is temporarily locked when a user causes too many failed logins. The default value is false. This corresponds to the following property: com.aris.umc.authentication.lock.enabled
Attempt limit
Specifies the number of failed login attempts that are allowed before user login is locked. This corresponds to the following property: com.aris.umc.authentication.lock.counter.limit
Lockout duration
Specifies how long a user login is temporarily locked when a user causes too many failed logins. This is defined in seconds. This corresponds to the following property: com.aris.umc.authentication.lock.ttl
Lock counter duration
Time that must elapse before the number of failed login attempts is reset. This is defined in seconds. This corresponds to the following property: com.aris.umc.authentication.lock.counter.ttl
Session cache size
Specifies how many session IDs are saved in the session renewal cache. When the cache is full, the least recently used sessions are removed. This is a cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.session.renewal.cache.size
Session cache lifetime
Specifies the maximum duration in seconds that a renewed session remains in the session renewal cache. A session can be renewed at the earliest after this period of time. This is a cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.session.renewal.cache.ttl
Session ID generator
Specifies the random number generator used for generating session IDs. This corresponds to the following property: com.aris.umc.session.identifier.generator
Minimum length of session ID
Specifies the minimum length of a session ID in bytes. For security reasons this value should not be less than 32. This corresponds to the following property: com.aris.umc.session.identifier.length.min
Maximum length of session ID
Specifies the maximum length of a session ID in bytes. This corresponds to the following property: com.aris.umc.session.identifier.length.max
Maximum concurrent sessions
Specifies the maximum number of concurrent sessions that can be active for a single user. This does not apply to the arisservice and superuser users. This corresponds to the following property: com.aris.umc.session.concurrent.max
Use multi-factor authentication
Specifies whether multi-factor authentication is required. The default value is false. This corresponds to the following property: com.aris.umc.authentication.multiFactor.active
Clock skew intervals
Specifies the clock skew in number of intervals. One-time passwords (OTPs) that are within the valid range [currentTimeStep - clock_skew, currentTimeStep + clock_skew] are permitted. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.authentication.multiFactor.clockSkew
Excluded users
Specifies a comma-separated list of users for whom the multi-factor authentication is not required. This corresponds to the following property: com.aris.umc.authentication.multiFactor.excludedUsers
Generate user statistics
Enables the generation of user statistics. The default value is false. If you specify this as true, the following properties for distinct user statistics are enabled by default:
This corresponds to the following property: com.aris.umc.audit.enabled
Log authentication
Enables authentication logging. The default value is true, but this property is only enabled when Generate user statistics is specified as true. The following user statistics are logged and can be exported:
This corresponds to the following property: com.aris.umc.audit.log.auth.enabled
Log changes to configuration
Enables logging of changes to the configuration. The default value is true, but this property is only enabled when Generate user statistics is specified as true. The following user statistics are logged and can be exported:
This corresponds to the following property: com.aris.umc.audit.log.conf.enabled
Log changes to licenses/privileges
Enables logging of changes to licenses or privileges. The default value is true, but this property is only enabled when Generate user statistics is specified as true. The following user statistics are logged and can be exported:
This corresponds to the following property: com.aris.umc.audit.log.license.privilege.enabled
Log changes to users/user groups
Enables logging of changes to users or user groups. The default value is true, but this property is only enabled when Generate user statistics is specified as true. The following user statistics are logged and can be exported:
This corresponds to the following property: com.aris.umc.audit.log.user.group.enabled
Force SSO
Specifies that only an SSO login is allowed. The default value is false. This corresponds to the following property: com.aris.umc.authentication.sso.only
Minimum authentication delay
Specifies the minimum delay that is added at each login. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.authentication.delay.min
Maximum authentication delay
Specifies the maximum delay that is added at each login. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.authentication.delay.max
Use OTPs
Specifies whether or not the generation of one-time passwords (OTPs) is allowed. This corresponds to the following property: com.aris.umc.otp.active
Lifetime
Specifies the lifetime of a one-time password (OTP) in seconds. Passwords become invalid after this time period at the latest. This corresponds to the following property: com.aris.umc.otp.ttl
License pools at user group-level
Specifies that license pools are assigned at the user group level. If this option is enabled, licenses must not be assigned to users directly, but are to be assigned via user groups only. This corresponds to the following property: com.aris.umc.license.distribution.handling
User statistics in backup
Specifies that the user statistics are part of the backup. The default value is false. This corresponds to the following property: com.aris.ums.user.statistics.backup
The Cross-tenant symbol indicates that the settings made apply to all tenants on this server and cannot be changed.
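The acceptance range given under Clock skew intervals, [currentTimeStep - clock_skew, currentTimeStep + clock_skew], can be made concrete with the following added example, which is not ARIS code. It assumes RFC 6238 TOTP with HMAC-SHA1, a 30-second time step and a skew counted in whole time steps; this page does not state which OTP algorithm ARIS uses, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed time-step size (RFC 6238 default); not stated on the page


def totp(secret: bytes, time_step: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one time step."""
    mac = hmac.new(secret, struct.pack(">Q", time_step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted_steps(now: float, clock_skew: int) -> range:
    """Time steps in [currentTimeStep - clock_skew, currentTimeStep + clock_skew]."""
    current = int(now // STEP_SECONDS)
    return range(current - clock_skew, current + clock_skew + 1)


def verify(secret: bytes, candidate: str, now: float, clock_skew: int) -> bool:
    """Accept the code if it matches any step inside the skew window."""
    ok = False
    for step in accepted_steps(now, clock_skew):
        # Constant-time compare and no early exit, so timing does not reveal the step.
        ok |= hmac.compare_digest(totp(secret, step), candidate)
    return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    issued_at = 59                     # code generated in time step 1
    code = totp(secret, issued_at // STEP_SECONDS)
    for skew in (0, 1, 2):
        window = len(accepted_steps(issued_at, skew)) * STEP_SECONDS
        late = verify(secret, code, issued_at + 45, skew)  # verifier clock 45 s ahead
        print(f"skew={skew}: window={window}s, accepted 45 s late={late}")
```

Each additional skew interval adds two more valid codes to the window (2 * clock_skew + 1 in total), so a larger value tolerates more clock drift at the cost of a longer period in which a captured code is still accepted.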
You have customized your system configuration.
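Several of the settings above depend on each other: the audit log switches only take effect when Generate user statistics is true, the lock limit only matters when locking is enabled, and Excluded users bypasses multi-factor authentication. The following added example, which is not part of ARIS, checks a set of property values for these cases and for the 32-byte minimum session ID length; the key=value input format and the sample values are constructed for illustration, and the property names and defaults are taken from this page.

```python
# Defaults stated on the page; properties missing from the export use these.
DEFAULTS = {
    "com.aris.umc.authentication.lock.enabled": "false",
    "com.aris.umc.authentication.multiFactor.active": "false",
    "com.aris.umc.audit.enabled": "false",
    "com.aris.umc.audit.log.auth.enabled": "true",
}

# Constructed sample (key=value per line); this export format is an assumption.
SAMPLE = """\
com.aris.umc.authentication.lock.counter.limit=5
com.aris.umc.session.identifier.length.min=16
com.aris.umc.authentication.multiFactor.active=true
com.aris.umc.authentication.multiFactor.excludedUsers=svc_report, batch01
"""


def parse(text):
    """Parse key=value lines on top of the defaults; skip blanks and # comments."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return findings based on the dependencies the page describes."""
    p = "com.aris.umc."
    flag = lambda k: props.get(p + k, "false").lower() == "true"
    out = []
    if not flag("authentication.lock.enabled") and p + "authentication.lock.counter.limit" in props:
        out.append("lock.enabled is false: counter.limit is set but no lockout is applied")
    min_len = props.get(p + "session.identifier.length.min")
    if min_len is not None and int(min_len) < 32:
        out.append(f"session.identifier.length.min={min_len} is below 32 bytes")
    raw = props.get(p + "authentication.multiFactor.excludedUsers", "")
    excluded = [u.strip() for u in raw.split(",") if u.strip()]
    if flag("authentication.multiFactor.active") and excluded:
        out.append("MFA is not required for: " + ", ".join(excluded))
    if flag("audit.log.auth.enabled") and not flag("audit.enabled"):
        out.append("audit.log.auth.enabled is true but audit.enabled is false: no auth logging")
    return out


if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```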