Standard security
About using standard security
Standard is a security setting option that you can implement with your Mobile Enterprise Platform solution.
In Standard security, there is no password expiration, number of days before expiration, or number of passwords to retain.
If using standard security, the Authentication and Web API tabs are disabled.
Define standard security settings
Security parameters include complex password structure and password minimum length. User accounts can be manually locked and unlocked from within the user profile.
To configure Mobile Enterprise Platform to use Standard security settings, complete the following steps in Platform Manager.
- Go to Admin > Configuration > Security Settings.
- On the General tab, in the System Configuration section, complete the following substeps.
  - For Security Mode, select Standard.
  - For Number of users to cache, enter the number of users you want to add.
  - To retrieve a user's credentials through email, select the Retrieve user credentials through email box.
  - If Retrieve user credentials through email is selected, enter the Server address and HTTP port for the retrieval page.
  - Optional. To populate the User ID for each new user with a randomly generated alphanumeric string, select User IDs are automatically generated. If this option is not selected, the User ID will be populated with the Login ID.
    Important: This option is not selected by default. On a Cloud implementation, this option is usually selected during initial setup.
- Optional. To allow a user to access Mobile Client without re-entering their credentials, under User Cache Configuration, complete the following substeps.
  - Select Allow 'Remember Me'.
  - For 'Remember Me' duration (days), enter the number of days that you want Mobile Client to remember the user.
  - Optional. To allow users to log in with a 4-digit passcode, select Allow passcode.
  - Optional. To require users to log in with a 4-digit passcode, select Require passcode.
    Note: Require passcode is only available if you select Allow passcode.
- Under Mobile Client Settings, complete the following substeps.
  - To specify that inactive devices will become inaccessible until logged into again, select Lock inactive devices.
  - If you enabled Lock inactive devices, enter the time-out information in Lock time-out (min).
  - To determine if a user will be logged off after a session has been inactive for a specified amount of time, select Log off inactive sessions.
  - If you enabled Log off inactive sessions, fill out the Log off time-out (min) field.
  - To allow users to exit the mobile client, select Allow users to exit Mobile Client.
  - To allow users to log off when an application is executed, select Allow users to log off during Application execution.
  - To restrict full database replication, select Restrict full database replication for Mobile Client users.
  - To disable SQL logging for local device databases, select Disable SQL logging for local databases.
  - To enable encryption for a local database on an iOS or Android device, select Encrypt device databases, and then specify a password.
  - To allow a user to open Mobile Client for HTML5 in multiple tabs, select Allow Multiple HTML5 Tabs.
    Note: For more information, refer to About parent and child tabs.
- On the Authentication tab, complete the following, as applicable.
  - For Password minimum length, enter the minimum password length.
  - To have the password require a specific character structure, select the Complex password checkbox.
    Note: All other options will be grayed out and cannot be selected while in Standard security mode.
- Optional. To create a key to allow your company to access the Mobile Enterprise Platform without using the Mobile Client, on the Web API Agent tab, complete one or both of the following options.
  - To create a unique Client ID, select Generate ID.
  - To create a unique Secret Key, select Generate Key.
- Select Save.
Standard security settings
The following tables outline settings to implement the Standard security mode across your Mobile Enterprise Platform solution. The Standard security mode requires a user profile with a unique user ID, and includes parameters for complex password structure and password minimum length.
System Configuration
Security mode
Specifies the type of security used by the system for user access. Security mode options are:
- Standard: Requires a user profile with a unique user ID. Security parameters include complex password structure and password minimum length. Also, user accounts can be manually locked and unlocked from within the user profile.
- Advanced: Requires a user profile with a unique user ID. In addition to the Standard security parameters, Advanced security parameters include account lockout after a specified number of failed logon attempts.
- LDAP: Requires an LDAP directory on an LDAP server. Users are automatically created in the system from user data extracted from the LDAP directory through the LDAP Extraction Agent. Users log on to system components based on logon credentials specified in the LDAP directory.
Number of users to cache
Not available for Standard Security Mode. This sets the maximum number of users to be saved, or cached, on the smart device. The default setting is 1. The maximum setting is 50. If the value is set to 0, no user will be cached on the device and the Mobile Client user will have to be connected in order to log in.
Retrieve user credentials through email
When this box is enabled, a link will display on the Platform logon screen, and on the Mobile Client screen, for users who have forgotten their User ID or password to recover their logon credentials.
Server address for retrieval page
If the Retrieve user credentials through email box is enabled, this field is available. Specifies the web server name or IP address to be accessible for password retrieval for Mobile Enterprise Platform users, especially those on an external network.
HTTP port for retrieval page
Specifies the website port to be accessible for password retrieval for Mobile Enterprise Platform users, especially those on an external network.
User IDs are automatically generated
When selected, populates the User ID for each new user with a randomly generated alphanumeric string. If this option is not selected, the User ID will be populated with the Login ID.
Important: This option is not selected by default. On an Advanced Inventory Cloud implementation, this option is usually selected during installation.
User Cache Configuration
Allow 'Remember Me'
When enabled, allows for Mobile Client configuration settings to enable the smart device user to change to another Application, and then re-access the Mobile Client Application without logging back into it. Mobile Client will "remember" the user. This is a global setting.
'Remember Me' duration (days)
When Allow 'Remember Me' is enabled, this field becomes available in order to indicate the duration, in days, for Mobile Client on a smart device to remember the user when coming back to Mobile Client after accessing another application.
Allow passcode
When Allow 'Remember Me' is enabled, this box will allow for a passcode (PIN) to be set for a user to re-access the Mobile Client application without logging back into it, after accessing another application on a smart device.
Require passcode
When Allow passcode has been enabled, checking this box makes the passcode (PIN) a requirement.
Mobile Client Settings
Lock inactive devices
Specifies, when selected, that inactive devices are to become inaccessible until an authorized user logs on. When selecting this check box, also specify how long a device remains inactive until it becomes locked.
Lock time-out (min)
Specifies, in minutes, how long a device remains inactive until it becomes locked. Entry in this numeric field can be up to 3 digits. Valid values range from 1 to 999 minutes.
Log off inactive sessions
Specifies, when selected, that users are logged off a Mobile Client session after it has been inactive for a specified time. When selecting this check box, Logoff time-out becomes enabled in order to allow for specifying the time in minutes. The logoff is performed whether or not an application is executing, except during local database replication.
This option applies to all Mobile Client clients, including Mobile Client Telnet.
Log off time-out (min)
Specifies, in minutes, how long a Mobile Client session remains inactive before the user is logged off. Entry in this numeric field can be up to 3 digits. Valid values range from 1 to 999 minutes.
This option applies to all Mobile Client clients, including Mobile Client Telnet.
Allow users to exit Mobile Client
Specifies, when selected, that users can exit from the Mobile Client program.
This option overrides the exit permission defined for the MobileClientUser role.
This option does not apply to Mobile Client Telnet or Mobile Client for HTML5.
Allow users to log off during Application execution
Specifies, when selected, that Mobile Client users are allowed to log off while an application is executing. If this option is not selected, users are prevented from logging off until an application has completed (if the application itself has no exit options defined).
This option does not apply to Mobile Client Telnet or Mobile Client for HTML5.
Restrict full database replication for Mobile Client users
Specifies, when selected, that Mobile Client users are restricted from initiating a full database replication from the Mobile Client menu. These users are still able to do a full database replication via an application, if they are in a role allowing them to execute the application.
Disable SQL logging for local databases
Specifies that device local database SQL logging (which is in Tracing Options in Mobile Client) is disabled. This feature is used for debugging purposes. When this option is selected in Security Settings, the SQL operations option in the Tracing Options dialog box is disabled.
Encrypt device databases
When selected, enables encryption for a local database on an iOS or Android device.
Allow Multiple HTML5 tabs
When selected, allows a user to open Mobile Client for HTML5 in multiple tabs.
Authentication
Password minimum length
Specifies the minimum number of characters required for new passwords. Entries in this numeric field can be up to 2 digits. Valid values for this option range from 0 to 10. When this field is set to 0, no password is required for logging on to the system.
Password expires
Sets passwords to become invalid within a specified time frame. When this box is enabled, the number of days new passwords remain valid must be assigned.
For example, when a user, whose password is set to expire within five days, logs on to the system, a message appears asking them if they want to change their password at that time.
Number of days before expiration
Specifies how many days authorized users can access components of the system before having to change their logon password. Entry in this numeric field can be up to 3 digits, only if the Password expires box is enabled. Valid values range from 1 to 365 days.
When a user, whose password is set to expire within five days, logs on to the system, a message appears asking them if they want to change their password at that time. The message will continue to appear at logon until the password is changed or it expires.
Number of passwords to retain
Specifies the number of previous passwords to be stored so that they cannot be reused. Entry in this numeric field is 1 digit, only if the Password expires box is enabled. Valid values range from 1 to 9 previous passwords.
When users change their passwords, the system checks these previous passwords to ensure recent passwords are not reused.
Complex password
Specifies that new passwords require the following minimum structure.
- One number
- One uppercase letter
- One lowercase letter
- One special non-alphanumeric character - supported complex characters are: ~ ! # $ % ^ & * ( ) ? < > | _ [ ] { } : ; . , / \ + - ' = @
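The Password minimum length and Complex password rules above, expressed as a checker that reports which requirements a candidate password misses. This is an added example, not code from the product; the function name is hypothetical, and it assumes ASCII letters and digits and that a special character outside the supported list does not satisfy the rule.

```python
import string

# Special characters the page lists as supported for Complex password.
SUPPORTED_SPECIALS = set("~!#$%^&*()?<>|_[]{}:;.,/\\+-'=@")


def password_problems(password, min_length, complex_required):
    """Return the policy requirements that the password does not meet."""
    # Password minimum length accepts 0 to 10; 0 means no password is required.
    if not 0 <= min_length <= 10:
        raise ValueError("Password minimum length must be between 0 and 10")

    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    if complex_required:
        # Assumption: letters and digits are matched as ASCII only.
        checks = {
            "one number": string.digits,
            "one uppercase letter": string.ascii_uppercase,
            "one lowercase letter": string.ascii_lowercase,
            "one supported special character": SUPPORTED_SPECIALS,
        }
        for label, allowed in checks.items():
            if not any(ch in allowed for ch in password):
                problems.append(f"missing {label}")
    return problems
```

A double quote is not in the supported list, so under the stated assumption a password whose only special character is `"` is reported as missing the special-character requirement.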
Lockout after failed logon attempts
Specifies, when selected, that users will be locked out of the system after a specified number of unsuccessful logon attempts. This option is available only when Advanced security mode is used.
When this box is enabled, the number of unsuccessful logon attempts users can make before becoming locked out of the system must be specified. Manage account locking through user profiles.
Number of attempts allowed
Specifies how many times users can unsuccessfully try to log on to the system before they are locked out. Entry in this numeric field can be 1 digit only if the Lockout after failed logon attempts box is enabled. Valid values range from 2 to 6 attempts.
When users reach this number of unsuccessful attempts to log on to the system, with the next unsuccessful attempt, the system automatically locks out the user until the account is unlocked on the user profile. Account locking can be managed using user profiles.
Web API Agent
Access Key
Enter a value, or select Generate ID to create a unique value.
Secret Key
Enter a value, or select Generate Key to create a unique value.
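The dependencies and valid ranges described in the settings above can be checked mechanically before a change is saved. The following is an added example, not part of the product: the dictionary keys and the snapshot format are hypothetical, and the sample values are constructed.

```python
def lint_standard_settings(s):
    """Return findings for a Standard-mode settings snapshot (hypothetical keys)."""
    findings = []

    def in_range(key, low, high):
        value = s.get(key)
        if not isinstance(value, int) or not low <= value <= high:
            findings.append(f"{key}: {value!r} is outside {low}-{high}")
            return False
        return True

    # Dependency chain: Require passcode -> Allow passcode -> Allow 'Remember Me'.
    if s.get("allow_passcode") and not s.get("allow_remember_me"):
        findings.append("allow_passcode needs allow_remember_me")
    if s.get("require_passcode") and not s.get("allow_passcode"):
        findings.append("require_passcode needs allow_passcode")

    # Time-outs apply only when their check box is selected; valid 1 to 999 minutes.
    if s.get("lock_inactive_devices"):
        in_range("lock_timeout_min", 1, 999)
    if s.get("log_off_inactive_sessions"):
        in_range("log_off_timeout_min", 1, 999)

    # Password minimum length: 0 to 10, where 0 removes the password requirement.
    if in_range("password_min_length", 0, 10) and s["password_min_length"] == 0:
        findings.append("password_min_length: 0 means no password is required")

    # Options the page describes as unavailable in Standard security mode.
    for key in ("password_expires", "lockout_after_failed_logons"):
        if s.get(key):
            findings.append(f"{key} is not available in Standard security mode")
    return findings


# Constructed sample snapshot, not an export format of the product.
SAMPLE = {
    "allow_remember_me": False, "allow_passcode": True, "require_passcode": True,
    "lock_inactive_devices": True, "lock_timeout_min": 0,
    "log_off_inactive_sessions": False,
    "password_min_length": 0,
    "password_expires": False, "lockout_after_failed_logons": False,
}
```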