Account settings

Use the Account Settings feature to configure the system to do the following.

Reset Password Notification Process

You can reset the password when a user forgets the password and requests a reset. You can also force all users to change the password on the next logon due to a security breach or change in the password format.

Multifactor Authentication

Multifactor authentication (MFA) is a security approach to verify the legitimacy of a user that requires more than one of the following independent authentication factors :

  1. Knowledge factor: Something only the user knows, such as the password or security question answers.

  2. Possession factor: Something only the user has, such as an email with a passcode or a user-specific cookie on a client computer or device.

  3. Inherence factor: Something unique to the user, such as fingerprints or eye recognition.

    After presentation, each factor must be validated by the other party for authentication to occur.

Multifactor Authentication for Internal and External Users

You can enable multifactor authentication independently for internal and external Resources. Kofax TotalAgility supports the following authentication features for both internal and external resources.

  • Passcode: Users logging on for the first time are requested to enter a passcode. Passcode is sent to the user through an email and has a limited validity period. On entering the active password, a cookie is added to user's system and logon proceeds. For subsequent logon, system checks for the valid cookie. If it does no exist, user must go through the passcode verification again.
  • Password format: To increase security, a regular expression can be supplied to ensure that any passwords added for resources must adhere to a specific format. This is an optional setting. See General settings.

Account Lockout Policy

An account is locked if unsuccessful logon attempt threshold is exceeded. The account lockout policy disables a user account if the user enters an incorrect password a specified number of times within a specified time. The lockout prevents attackers from guessing users' passwords, and decreases the likelihood of successful attacks on your network. You can define an account lockout duration, which determines the number of minutes an account remains locked out before automatically becoming unlocked. Alternatively, an administrator can manually lock and unlock accounts.

If you logon with invalid password then access will be denied and the unsuccessful attempt are recorded.

To unlock an account:

  • Wait until the account lockout duration has passed and then logon with correct password.

  • Get the password from administrator.

Logon State Associated Form

Define a form to associate with a logon state to help the form designer know which form to display next. By default, each state uses a specific form; you can change the form as needed. The following table lists the states and the associated default forms:

State Form

AwaitingChangePassword

ChangePassword.form

AwaitingChangeForgottenPassword

ResetPassword.form

AwaitingPasscode

VerifyPasscode.form

LoggedOn

GeneralWorkQueue.form

Note The AwaitingChangePassword, AwaitingChangeForgottonPassword and AwaitingPassword logon states time out based on the session timeout interval defined in system settings. See General.

Note You can turn on/off each of the preceding features for a group within the internal resources or for external resources through system settings.

See Manage account settings.