• Sign In
  1. Start Page
  2. LabKey Server
  3. Administration
  4. Compliance

Compliance: User Accounts and Login

Documentation: Version 19.3

Compliance: User Accounts and Login

Print
Premium Feature — Available in the Professional Plus, and Enterprise Editions. Learn more or contact LabKey.

This topic covers settings available within the Compliance module. Both the Compliance and ComplianceActivities modules should be enabled on your server and in any projects where you require these features.

Manage Account Expiration

You can configure user accounts to expire after a set date. Expiration dates can be set for individual accounts. To set up expiration dates, first add one or more users, then follow these instructions:

  • Go to (Admin) > Site > Admin Console.
  • Click the Settings tab.
  • Under Premium Features, click Compliance Settings.
  • On the Accounts tab, under Manage Account Expiration, select Allow accounts to expire after a set date.
  • Click Save.
  • You can now set expiration dates for user accounts.
  • Click the link to the Site Users table on the same page. (Or go to (Admin) > Site > Site Users.)
    • Above the grid of current users, note the Show Temporary Accounts link. This will filter the table to those accounts which are set to expire at some date.
  • Click the Display Name for a user account you want to set or change an expiration date for.
  • On the account details page click Edit.
  • Enter an Expiration Date, using the date format Year-Month-Day. For example, to indicate Feb 16, 2019, enter "2019-02-16".
  • Click Submit.
  • Click Show Users, then Show Temporary Accounts and you will see the updated account with the assigned expiration date.

Manage Inactive Accounts

Inactive accounts can be automatically disabled (i.e., login is blocked) after a set number of days. To set the number of days after which accounts are disabled, follow the instructions below:

  • Select (Admin) > Site > Admin Console and click Settings.
  • Under Premium Features, click Compliance Settings.
  • On the Accounts tab, under Manage Inactive Accounts, select Disable inactive accounts after X days.
  • Use the dropdown to select when the accounts are disabled. Options include: 1 day, 30 days, 60 days, or 90 days.

Audit Process Failures

These settings allow you to send a notification email to administrators if any audit processing fails (for example, if there are any software errors, audit capturing bugs, or if audit storage capacity has been reached). If any of the events that should be stored in LabKey’s Audit Log aren’t processed properly, administrators are informed of the error in order to escalate, fix, or otherwise take action on the issue.

You can also control which administrators are informed: either the primary administrator or all site administrators.

  • Select (Admin) > Site > Admin Console and click Settings.
  • Under Premium Features, click Compliance Settings.
  • Click the Audit tab.
  • Under Audit Process Failures, select Response to audit processing failures.
  • Select the audience as: Primary Site Admin or All Site Admins (the default).
  • Click Save.
  • To control the content of the email, click the link email customization, and edit the notification template named "Audit Processing Failure". For details see Email Template Customization.

Limit Login Attempts

You can decrease the likelihood of an automated, malicious login by limiting the allowable number of login attempts. These settings let you disable logins for a user account after a specified number of attempts have been made. (Site administrators are exempt from this limitation on login attempts.)

To see those users with disabled logins, go to the Audit log, and select User events from the dropdown.

  • Go to (Admin) > Site > Admin Console.
  • Click the Settings tab.
  • Under Premium Features, click Compliance Settings.
  • Click the Login tab.
  • In the section Unsuccessful Logins Attempts, place a checkmark next to Enable login attempts controls.
  • Also specify:
    • the number attempts that are allowed
    • the time period (in seconds) during which the above number of attempts will trigger the disabling action
    • the amount of time (in minutes) login will be disabled
  • Click Save.

Third-Party Identity Service Providers

To restrict the identity service providers to only FICAM-approved providers, follow the instructions below. When the restriction is turned on, non-FICAM authentication providers will be greyed out in the Authentication panel.

  • Go to (Admin) > Site > Admin Console.
  • Click the Settings tab.
  • Under Premium Features, click Compliance Settings.
  • Click the Login tab.
  • In the section Third-Party Identity Service Providers, place a checkmark next to Accept only FICAM-approved third-party identity service providers.

Related Topics

Search

 

Docs & Product Feedback

 

Was this content helpful?

Log in or register an account to provide feedback

Pages

 

previousnext
 
expand allcollapse all