Property | Description |
|---|---|
Minimum Password Length | Minimum password length required for a valid password. Must be a number between 4 and 12 characters. |
Minimum Character Mix | Minimum number of character types required for a valid password. Passwords can contain a mix of the following character sets:
For example, if you set Minimum Character Mix to 1, then passwords must contain at least one of the character sets. If you set Minimum Character Mix to 2, then passwords must contain at least two of the character sets. |
Password Reuse | Controls whether users can reuse passwords. |
Password Expires | Determines how often users must reset their passwords. |
Enable Multi-Factor Authentication | Enables multi-factor authentication for native human users. When multi-factor authentication is enabled, native human users receive a verification code through email when they log in to the user interface. The email address for each human user must be valid. Categorize users as human or non-human users on the Users page. For more information, see User Administration. |
Session Idle Timeout | Amount of time before a user's session times out due to inactivity. IDMC displays a warning message to the user 60 seconds before the user is logged out. Default is 30 minutes. |
Authentication Type | Authentication type used after a user logs in. Default is JSON Web Token (JWT). For JWT authentication, select a duration for tokens to expire. Default is 30 minutes. When you change the authentication type, the new type takes effect at the next login. The change doesn't affect sessions that are in progress. Before you use the JWT authentication type, modify custom scripts to refresh the tokens before they expire. For more information, see the JWT Support Knowledge article. Note: Don't use the JWT authentication type if your organization uses API Manager or the REST V2 Connector. |
Use Trusted IP Ranges | Enables IP address filtering. IP address filtering uses trusted IP address ranges in addition to account passwords to prevent unauthorized users from accessing your organization. When you enable IP address filtering, a user with a valid login must also have an IP address within the range of trusted IP addresses, or the user can't log in to your organization. When you enable this option, you must also enter one or more trusted IP address ranges. Note: If you create a serverless runtime environment when trusted IP ranges are enabled, you must add the IP addresses of the DMZ NAT gateway to the list of trusted IP addresses. For a list of the DMZ NAT gateway addresses, see Runtime Environments. |
Allowed Trusted IP Ranges | The trusted ranges of IP addresses from which users can log in to access the organization. IDMC supports IP address formats in IP version 4 (IPv4) and version 6 (IPv6). Fields for the trusted IP address range appear when you enable IP address filtering. To enter additional address ranges, click +. To ensure seamless communication between resources across both IPv4 and IPv6 networks, enable a dual stack configuration. For example, if your virtual machine uses one network type, IPv4 or IPv6, and the servers that host the connectors use another network type, enable dual stack on your virtual machine to ensure seamless communication regardless of their network type. Note: If you enter an invalid IP address range, users cannot access your organization. Contact your network administrator for valid IP address ranges. |