Password and logon

You can manage passwords and logon settings within the TotalAgility system. Refer to the Kofax TotalAgility Best Practices Guide for more information on some of these options.

Password

Password format

A format that all passwords must adhere to. The password format can be a regular expression or an inline value.

Examples of regular expression for password format:

  • The regular expression for a password format that requires a minimum of 8 characters, including at least 1 uppercase letter, 1 lowercase letter, and 1 digit:

    ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$

    Valid password examples: PaSs1234 or pASS1234

  • The regular expression for a password format that requires a minimum of 8 and a maximum of 10 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 special character (the closing $ anchor is required; without it, the maximum length is not enforced):

    ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@!%*?&])[A-Za-z\d$@!%*?&]{8,10}$

    Valid password examples: PaSs@123 and pASS@123 (pASS1234 does not match, because it contains no special character)

Password hashing algorithm

Determines the algorithm used to hash stored passwords so that they can be verified without being stored in clear text. It includes two settings:

  • SHA-1: General-purpose cryptographic hash algorithm (the default setting for upgrades). It is fast to compute and was not designed for password storage.

  • Scrypt: Password-based key derivation function that is deliberately slow and memory-hard, which makes offline guessing against stolen hashes expensive (the default setting for clean installation).

If you change the password hashing algorithm, all existing user passwords become invalid on saving the changes. Therefore, you must specify the default password, and specify if the password must be updated for all users or only for the current user.

  • Default password: Specify the default password. Once you save the settings, passwords for resources get updated to the default password.

  • Update password: Specify if the password must be updated for all users or only for the current user:

    • All users: Updates all the users with the new password. The users can log in once with that password but are forced to change their password on the next successful login.

    • Current user only: Updates only your (current user) password. If you select to update the password for the current user only, ensure that existing users' passwords are changed manually; otherwise, they cannot log in with their old passwords.

Disable logon without password

In TotalAgility on-premise, a message appears when an unauthorized user invokes any of the Logon SDK methods to acquire the session ID.

This setting is not available for TotalAgility running in On-premise multi-tenant and Azure environments.

Reset password notification process

Use a process (default: SYSTEM Reset Password) to reset the password when a user forgets the password and requests a reset.

Security breach

Force all users to change the password on the next login due to a security breach or a change in the password format.

Logon

Allow multiple user logons

This option allows multiple logins using the same session. For example, you can log on to both TotalAgility Designer and TotalAgility Workspace, or use multiple browser windows in the same session to log on to Kofax TotalAgility Workspace.

Logon state forms

You can associate a form with a logon state to help the form designer know which form to display next. By default, each state uses a specific form. For example, the "AwaitingChangePassword" state uses the "ChangePassword.form" form.

Account lockout policy

An account is locked if the unsuccessful login attempt threshold is exceeded. The account lockout policy disables a user account if the user enters an incorrect password a specified number of times within a specified time. The lockout prevents attackers from guessing users' passwords and decreases the likelihood of successful attacks on your network. You can define an account lockout duration. Alternatively, an administrator can manually lock and unlock accounts.

Maximum number of logon attempts

The number of failed logins after which a user account must be locked. A locked-out account can only be used again if it is reset by an administrator or if the lockout duration for the account has expired. You can set a value of failed logon attempts between 0 and 999. A value of 0 indicates that the account cannot be locked. (Default: 5)

Account lockout duration

The number of minutes an account remains locked before automatically getting unlocked. The account lockout duration can range from 0 minutes to 99,999 minutes. A value of 0 indicates that the account will remain locked out until an administrator explicitly unlocks it. (Default: 30 minutes)
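The following is an added example, not Kofax code, that models the lockout policy described above: a threshold of 0..999 failed attempts (0 = never lock), a duration of 0..99,999 minutes (0 = locked until an administrator unlocks), and the defaults of 5 attempts and 30 minutes. The page names no observation-window setting, so this model assumes failures accumulate until a successful logon or an unlock; the user name, store and timestamps are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    max_attempts: int = 5      # 0..999; 0 = the account can never be locked (page default: 5)
    lockout_minutes: int = 30  # 0..99999; 0 = locked until an administrator unlocks (page default: 30)
    def __post_init__(self):
        if not (0 <= self.max_attempts <= 999 and 0 <= self.lockout_minutes <= 99_999):
            raise ValueError("threshold must be 0..999 and duration 0..99999 minutes")

@dataclass
class Account:
    failed_attempts: int = 0
    locked_at: "datetime | None" = None  # None while the account is not locked

class LockoutTracker:
    def __init__(self, policy: LockoutPolicy):
        self.policy, self.accounts = policy, {}  # in-memory per-user state, constructed for the example

    def is_locked(self, user: str, now: datetime) -> bool:
        acct = self.accounts.setdefault(user, Account())
        if (acct.locked_at is not None and self.policy.lockout_minutes
                and now - acct.locked_at >= timedelta(minutes=self.policy.lockout_minutes)):
            self.admin_unlock(user)  # duration elapsed: unlock automatically and reset the counter
        return acct.locked_at is not None  # with lockout_minutes == 0 only admin_unlock clears this

    def attempt_logon(self, user: str, password_ok: bool, now: datetime) -> str:
        """Returns 'ok', 'failed' or 'locked'; a locked account refuses even the right password."""
        acct = self.accounts.setdefault(user, Account())
        if self.is_locked(user, now):
            return "locked"
        if password_ok:
            acct.failed_attempts = 0  # a successful logon clears earlier failures
            return "ok"
        acct.failed_attempts += 1
        if self.policy.max_attempts and acct.failed_attempts >= self.policy.max_attempts:
            acct.locked_at = now
            return "locked"
        return "failed"

    def admin_unlock(self, user: str) -> None:
        acct = self.accounts.setdefault(user, Account())
        acct.failed_attempts, acct.locked_at = 0, None

def simulate(policy: LockoutPolicy, attempts) -> list:
    """Replay (minutes_after_start, password_ok) pairs for one constructed user and return the outcomes."""
    tracker, start = LockoutTracker(policy), datetime(2024, 1, 1, 9, 0)
    return [tracker.attempt_logon("alice", ok, start + timedelta(minutes=m)) for m, ok in attempts]
```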