Passwords and logon

You can manage passwords and logon settings within the TotalAgility system. See the Kofax TotalAgility Best Practices Guide for more information on some of these options.

  1. Navigate to System > System settings > Logon and authentication > Passwords and logon.
    The Passwords and logon dialog box is displayed.
  2. In the Passwords group, configure the following settings.

    Password format

    A format that all passwords must adhere to. The password format can be a regular expression or an inline value.

    Examples of regular expressions for the password format:

    • Minimum 8 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number

      ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$

      Valid password examples: PaSs1234 OR pASS1234

    • Minimum 8 and maximum 10 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character

      ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,10}$

      Valid password example: PaSs@123

    Password hashing algorithm

    The algorithm used to hash passwords for verification. Two options are available:

    • SHA-1: Cryptographic hash algorithm (default setting for upgrades).

    • Scrypt: Password-based key derivation function (default setting for clean installation).

    If you change the password hashing algorithm, all existing user passwords become invalid on saving the changes. Therefore, you must specify the default password, and also specify if the password must be updated for all users or only for the current user.

    • Default password: Specify the default password. Once you save the settings, passwords for resources get updated to the default password.

    • Update password: Specify if the password must be updated for all users or only for the current user:

      • All users: Updates all users with the new password. The users can log in once with that password, but are forced to change their password on the next successful login.

      • Current users only: Updates only your own (current user) password. If you choose to update the password for the current user only, ensure that existing users' passwords are changed manually; otherwise, they cannot log in with their old passwords.

    Disable logon without password

    A message appears when an unauthorized user invokes any of the Logon SDK methods to acquire the session ID.

    Note: This setting is not available for TotalAgility running in On-premise multi-tenant and Azure environments.

    Reset password notification process

    You can reset the password when a user forgets the password and requests a reset. You can also force all users to change the password on the next logon due to a security breach or a change in the password format.

    To reset the password when a user forgets the password and requests a reset, select a Reset password notification process. (Default: SYSTEM Reset Password).

  3. In the Logon group, configure the following settings.

    Allow multiple user logons

    If selected, allows multiple logons using the same session. For example, you can log on to both TotalAgility Designer and TotalAgility Workspace, or use multiple browser windows in the same session to log on to TotalAgility Workspace.

    Logon state forms

    A form to associate with a logon state to help the form designer know which form to display next. By default, each state uses a specific form. See the following table for the states and the associated default forms.

    State                              Form
    AwaitingChangePassword             ChangePassword.form
    AwaitingChangeForgottenPassword    ResetPassword.form
    AwaitingPasscode                   VerifyPasscode.form
    LoggedOn                           GeneralWorkQueue.form

    Note: The AwaitingChangePassword, AwaitingChangeForgottenPassword and AwaitingPassword logon states time out based on the session timeout interval defined in system settings.

  4. In the Account lockout policy group, configure the following settings.

    An account is locked if the threshold for unsuccessful logon attempts is exceeded. The account lockout policy disables a user account if the user enters an incorrect password a specified number of times within a specified time. The lockout prevents attackers from guessing users' passwords, and decreases the likelihood of successful attacks on your network. You can define an account lockout duration. Alternatively, an administrator can manually lock and unlock accounts.

    Maximum number of logon attempts

    The number of failed logon attempts after which a user account must be locked. A locked-out account can only be used again if it is reset by an administrator or if the lockout duration for the account has expired. You can set a value of failed logon attempts between 0 and 999. A value of 0 indicates that the account cannot be locked. (Default: 5)

    Account lockout duration

    The number of minutes an account remains locked before it is automatically unlocked. The account lockout duration can range from 0 minutes through 99,999 minutes. A value of 0 indicates that the account will remain locked out until an administrator explicitly unlocks it. (Default: 30 Minutes)

  5. Click Save.
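
For the Password format setting in step 2, the following added example (not part of the Kofax documentation) runs the two sample expressions against constructed candidate passwords before they are saved as policy. It also compares the second expression with and without a trailing `$` anchor; search-style matching is an assumption, since the page does not say how TotalAgility evaluates the expression.

```python
import re

# The two sample expressions from the Password format setting.
PATTERN_8_PLUS = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$"
PATTERN_8_TO_10_OPEN = (r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])"
                        r"[A-Za-z\d$@$!%*?&]{8,10}")
PATTERN_8_TO_10_ANCHORED = PATTERN_8_TO_10_OPEN + "$"

# Constructed test candidates (not real credentials).
CANDIDATES = [
    "PaSs1234",         # documented valid example for the first pattern
    "pASS1234",         # documented valid example for the first pattern
    "PaSs@123",         # documented valid example for the second pattern
    "PaSs@1234567890",  # 15 characters, over the stated maximum of 10
    "PaSs#1234",        # '#' is outside the allowed special characters
    "password1",        # no uppercase letter
    "PaSs123",          # only 7 characters
]


def accepts(pattern, password):
    """True if the expression is found in the password (search semantics)."""
    return re.search(pattern, password) is not None


def audit(pattern, candidates=CANDIDATES):
    """Map each candidate to whether the pattern accepts it."""
    return {pw: accepts(pattern, pw) for pw in candidates}


def overlong_accepted(candidates=CANDIDATES, limit=10):
    """Candidates longer than `limit` that the unanchored pattern still accepts."""
    return [pw for pw in candidates
            if len(pw) > limit and accepts(PATTERN_8_TO_10_OPEN, pw)]


if __name__ == "__main__":
    for name, pattern in [("8+", PATTERN_8_PLUS),
                          ("8-10 unanchored", PATTERN_8_TO_10_OPEN),
                          ("8-10 anchored", PATTERN_8_TO_10_ANCHORED)]:
        print(name, audit(pattern))
    print("over the limit but accepted:", overlong_accepted())
```

The first expression rejects every password that contains a special character, because its character class allows only letters and digits.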
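
For the Password hashing algorithm setting in step 2, this added example (not Kofax code) contrasts a fast hash with scrypt: the per-guess cost differs by orders of magnitude, and a stored SHA-1 digest cannot be converted into a scrypt record without the plaintext, which is why changing the algorithm invalidates existing passwords. Unsalted SHA-1, the 16-byte salt and the scrypt parameters are assumptions for illustration; the page does not describe TotalAgility's storage format.

```python
import hashlib
import hmac
import os
import time


def sha1_hash(password):
    """Fast, unsalted digest (assumed form): equal passwords give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def scrypt_hash(password, salt=None, n=2**14, r=8, p=1):
    """Memory-hard derivation; returns (salt, key). Parameters are assumptions."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                         maxmem=64 * 1024 * 1024, dklen=32)
    return salt, key


def scrypt_verify(password, salt, expected):
    """Re-derive with the stored salt and compare in constant time."""
    _, key = scrypt_hash(password, salt)
    return hmac.compare_digest(key, expected)


def cost_per_guess(hash_fn, rounds):
    """Average seconds for one hash computation over `rounds` constructed guesses."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"guess{i}")
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    salt, key = scrypt_hash("PaSs1234")  # sample password from the page
    print("scrypt verifies:", scrypt_verify("PaSs1234", salt, key))
    fast = cost_per_guess(sha1_hash, 1000)
    slow = cost_per_guess(lambda g: scrypt_hash(g, salt), 3)
    print(f"SHA-1: {fast:.2e} s/guess, scrypt: {slow:.2e} s/guess")
    # The record holds only salt and key; a SHA-1 digest gives no input from
    # which to derive them, so every user needs a new password after a switch.
```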
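
For the Account lockout policy settings in step 4, this added example (a model written for this page, not TotalAgility's implementation) replays constructed logon events to show the effect of the defaults and of the two 0 values. The reset of the failure counter on a successful logon and the minute-based clock are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    max_attempts: int = 5   # page default; 0 means the account is never locked
    duration_min: int = 30  # page default; 0 means locked until an admin unlocks


@dataclass
class Account:
    failures: int = 0
    locked_at: Optional[int] = None  # minute at which the lock was applied


def admin_unlock(acct):
    """Manual unlock by an administrator."""
    acct.locked_at, acct.failures = None, 0


def is_locked(acct, policy, now):
    if acct.locked_at is None:
        return False
    if policy.duration_min and now - acct.locked_at >= policy.duration_min:
        admin_unlock(acct)  # lockout duration expired: automatic unlock
        return False
    return True


def attempt(acct, policy, password_ok, now):
    """Process one logon at minute `now`; returns 'locked', 'ok' or 'failed'."""
    if is_locked(acct, policy, now):
        return "locked"
    if password_ok:
        acct.failures = 0  # assumption: a successful logon clears the counter
        return "ok"
    acct.failures += 1
    if policy.max_attempts and acct.failures >= policy.max_attempts:
        acct.locked_at = now
    return "failed"


def replay(policy, events):
    """events: constructed (minute, password_ok) pairs for one account."""
    acct = Account()
    return [attempt(acct, policy, ok, minute) for minute, ok in events], acct
```

With `max_attempts=0` the model never locks, so password guessing is limited only by other controls; with `duration_min=0` a locked account stays unavailable until an administrator acts.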