In this section, it is possible to apply controls referring to system user passwords.

Request countersign when performing task: if this option is enabled, during the execution of tasks from the SoftExpert Suite components, the user executing them will be asked to confirm their countersign.

Request user countersign when performing critical operations in the system: if this option is enabled, when performing actions such as deleting, activating, or deactivating records, and other critical tasks, the user will be asked to enter their countersign before the system executes them.

Allow users to request forgotten password: if this option is enabled, the login screen will show the Forgot password? option so that the user can request a new password if they have forgotten the previous one.

Force users password change: this button must be clicked only when the passwords of all users registered in SoftExpert Suite need to be changed. Thus, when each user logs in the next time, the system will request a password change.

Only the system administrator can perform this operation.

Use this section to configure the options that may strengthen user passwords. 

As in every system, passwords are the first line of defense against unauthorized access. The stronger the password, the more protected the system will be. 

To this end, use the available options to define the requirements for system user passwords.

Minimum size: it allows for setting a minimum number of characters that each user must have in their password. When a user tries to create a password shorter than the minimum size, the system will display a message warning them that the required number of characters has not been reached. User passwords must contain at least 6 digits.

Validity (months): it allows for setting the number of months during which the system users can remain with the same password. Thus, when the defined deadline is reached, the user will be informed that their password has expired and will be asked to change it.

Repetition control: it allows for setting the number of times that the user must change their password before their former one can be repeated.

Upper and lower case characters: with this option enabled, system user passwords must necessarily contain uppercase and lower letters.

Special characters (for example: !, \$, #, %): with this option enabled, system user passwords must necessarily contain special characters (!, $, #, %, etc.).

Password requirements:

• Passwords must contain at least one number and one letter.
• Passwords must not contain the "\" and "/" characters.
• Passwords must not contain one of the following combinations: "sesuite", "53suite", "53su1te", "s3su1t3", "s35u1t3", "soft", "5oft", "S0ft", "50ft", "expert", "3xpert", "3xp3rt", "softexpert", "5oftexpert", "50ftexpert", "50ft3xpert", and "50ft3xp3rt".
• Passwords must not contain fragments with a sequence of 4 digits or more of the login, nor the user's name and e-mail.
• Passwords must not be on the list of those considered weak within SoftExpert Suite.

This section must be used to configure the options for blocking unauthorized access by someone who is trying to guess the password of a system user.

Number of attempts: it allows for setting the number of times that the user may try to log in with an incorrect password before being locked out. To do so, enter the number of attempts, which can be from 1 to 5.

The user can be unblocked automatically (if the Time for which the user will be blocked (minutes) field is filled in), or manually through the Organizational unit > User (AD004) menu of SoftExpert Administration.

Time for which the user will be blocked (minutes): fill in this field to define that, once blocked due to invalid login attempts, the user will be automatically unblocked after a certain period.

In this case, define for how many minutes the user will remain blocked. Once the set number of minutes is reached, they will be automatically unblocked.

Notify administrator: with this option enabled, the system administrator will be notified by e-mail when a user is blocked due to invalid login attempts.

This section provides several other user login options:

Alert the administrator when any unknown login is identified: in case of login attempts with an unknown user, the system will send the administrator a warning e-mail about who tried to connect.

Block manual operations in the user record: in the File > Organizational unit > User (AD004) menu of SoftExpert Suite, the Add button will be shown disabled. It will only be possible to create users through integration with the LDAP server.

Inactivity timeout (minutes): allows for setting how many minutes the system may remain idle, that is, without being used by the logged user. When the defined time is over, the user will be automatically disconnected and a message requesting them to reconnect will be displayed.

Synchronize login: the user will be synchronized once authenticated. This field must be checked only if one of the authentication options with LDAP is enabled. Note that only the authenticated user will be synchronized.

In this section, it is possible to configure multi-factor authentication, which confirms the identity of the user accessing the application.

Multi-factor authentication is an authentication method that requires the user to provide two or more verification factors in order to access a resource or application, which reduces the likelihood of a successful cyber attack.

MFA provides an additional authentication layer to the login process by requiring the user to provide more than one authentication factor in order to access their account. This way, even if their login credentials are compromised, a hacker will not be able to access their account without the correct combination of the additional authentication factors.

This resource strengthens the security of user information in the system, offering best practices for protection and privacy.

If MFA is enabled, the e-mail field must be correctly completed on the user data screen, since this field will be mandatory.