By default, Bizagi uses its own identity provider to authenticate users to your cloud-based portals and applications, and you can manage the security policies associated with this identity provider. If you change the identity provider (see How to manage identity providers), the security policies are managed directly in each IdP.
Before you start
To manage the security policies, you must have access to the Customer Portal as a Company Administrator. See How to set company administrators.
By default, the Customer Portal is provisioned with a Bizagi authenticator. If you want to edit the security policies, access the Customer Portal as a company administrator, click the Settings icon, and select the Protocols section. Click the Edit icon on the protocol shown by default.
You can manage the following parameters:
Account Security Policies
•Failed log in lockout minutes: Number of minutes that an account remains locked if the user reaches the maximum failed attempts.
•Max failed log in attempts: Maximum number of failed attempts when trying to log in, before the account gets locked.
•Log in attempts reset minutes: Maximum number of minutes that a user must wait before they can reset the password after the account is locked.
The following properties relate to the emails that are sent for account management, for example, when the user creates the account or resets the password.
•Retry times: If for any reason an email related to account management (like forgot or reset password) cannot be sent, Bizagi can retry sending the email based on this parameter.
•Sleep duration in seconds: This is the interval between retries.
•Link expiration hours: When Bizagi sends an email related to the account management, it contains a link to continue with the procedure, for example, resetting the password. For security reasons, the link has a duration based on this parameter. After that time, the link is no longer valid.
•Maximum links per user: You can define the maximum number of active links that can be associated with a user at the same time. For example, you cannot generate more than 5 links related to the account management per user. After you reach this limit, Bizagi waits until a link expires.
•Verification code time delay: Not used in this version.
•Verification code time delay close account: Not used in this version.
Password security policies
These are properties related to the password management of your users. These are only valid if you have the default Bizagi authenticator. You can set the following properties:
•Minimum password length: This is the minimum number of characters that each password must have.
•Maximum password length: Maximum number of characters that a password can have.
•Min capital letters: Minimum number of capital letters that the password must contain.
•Min lowercase letters: Minimum number of lowercase letters that the password must contain.
•Min numeric characters: Minimum number of numbers that the password must contain.
•Min non-alphanumeric characters: Minimum number of non-alphanumeric characters that the password must contain.
Additionally, you can set whether the password can contain the UserName.
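The following Python sketch is an added example, not Bizagi code. It models the password settings listed above so that a candidate combination can be checked for values no password could satisfy, and sample passwords can be tested against it before the policy is saved. The class, its field names, the sample values and the case-insensitive user name comparison are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    # Hypothetical field names; each mirrors one setting from the list above.
    min_length: int
    max_length: int
    min_capital: int
    min_lowercase: int
    min_numeric: int
    min_non_alphanumeric: int
    allow_username: bool = False

    def consistency_errors(self):
        """Reasons why no password could ever satisfy this combination."""
        errors = []
        if self.min_length > self.max_length:
            errors.append("minimum length exceeds maximum length")
        required = (self.min_capital + self.min_lowercase
                    + self.min_numeric + self.min_non_alphanumeric)
        if required > self.max_length:
            errors.append("character-class minimums exceed maximum length")
        return errors

    def violations(self, password, username):
        """Rules that `password` breaks; an empty list means it is accepted."""
        checks = [
            ("length below minimum", len(password) < self.min_length),
            ("length above maximum", len(password) > self.max_length),
            ("too few capital letters",
             sum(c.isupper() for c in password) < self.min_capital),
            ("too few lowercase letters",
             sum(c.islower() for c in password) < self.min_lowercase),
            ("too few numeric characters",
             sum(c.isdigit() for c in password) < self.min_numeric),
            ("too few non-alphanumeric characters",
             sum(not c.isalnum() for c in password) < self.min_non_alphanumeric),
            # Assumption: the user name check ignores letter case.
            ("contains the user name",
             not self.allow_username and bool(username)
             and username.lower() in password.lower()),
        ]
        return [rule for rule, broken in checks if broken]


# Constructed sample values, not Bizagi defaults.
SAMPLE = PasswordPolicy(min_length=12, max_length=64, min_capital=1,
                        min_lowercase=1, min_numeric=1,
                        min_non_alphanumeric=1, allow_username=False)
```

Run consistency_errors() on the values you intend to enter first; a non-empty result means users would be unable to set any password at all.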