Login settings
When you first begin to set up your Cloud profile, you can configure Cloud settings for your organization's security. As an administrator, you can:
-
Change the Cloud password settings
-
Set online session length
-
Configure two-factor authentication
Set password requirements
Cloud has a default set of password requirements that are enforced for all new users. Once you have successfully logged into Cloud yourself, you can make these requirements more strict.
To set password requirements:
-
Ensure that you have the Settings Admin role or equivalent privileges.
-
From the Cloud menu, select Settings.
-
Select Security | Password Settings. The Password Settings page is displayed.
You can set a minimum password strength and you can choose whether or not passwords will expire. Once you have set the password requirements, select Save to apply your changes.
Minimum password strength
The minimum password strength is a setting that determines the minimum length for Cloud passwords and the different types of characters that must be included. Characters are grouped into four types:
-
lower-case letters
-
upper-case letters
-
numbers
-
non-alphanumeric characters
The minimum password strength is Moderate by default, but you can set it to Strong or Very Strong. The stronger you require your Cloud passwords to be, the longer the passwords must be or the more different character types your users must include.
For example, if you apply the Moderate setting, a staff member can use a password that is all lower-case letters if it is at least 12 characters long. If you apply the Very Strong setting, the same staff member can only use a password of all lower-case letters if the password is at least 30 characters long.
Password expiry
This password expiry setting lets you require staff members to periodically change their passwords. By default, passwords will never expire.
To set up expiring passwords, choose Yes in the Passwords expire field. A new line is displayed where you can specify the number of months before passwords expire.
Set online session length
When a staff member signs in to Cloud, they begin a session. That staff member ends their session when they sign out from Cloud or when they close the application (in the web browser or in Working Papers).
You can change this session management setting for all users in your organization. If you set Cloud to remember users on sign in, users will only have to log in once for a specified period of time. They will be able to close their browser without ending the session, and if they go back to Cloud in the same browser, they will automatically return to the last place they worked without needing to log in again.
While a longer session duration reduces your login frequency, it increases the chances that the session can become compromised. We suggest that you set the online session length to a reasonable duration.
To set online session length:
-
Ensure that you have the Settings Admin role or equivalent privileges.
-
From the Cloud menu, select Settings.
-
Select Security | Session Management. The Session Management page is displayed.
-
Select the checkbox for Remember Users on Sign In. A new line with a field for Hours to Remember Users is displayed.
-
Enter the number of hours that your organization's Cloud sessions should stay open after users close the application.
-
Select Save to apply your changes.
Once this setting is enabled, users for your organization will have the option to stay signed in for the number of hours that you entered in the settings.
Configure two-factor authentication
Note: SMS-based two-factor authentication is currently available free of charge on a trial basis. In a future release, our development team will add a second method of two-factor authentication. That method will work with mobile devices, will not rely on SMS, and will be free to use. When the second method becomes available, there may be additional costs for continued use of SMS-based two-factor authentication.
To effectively secure your organization's sensitive data, consider enabling two-factor authentication. With two-factor authentication, you will be expected to supply two pieces of information to verify your identity before gaining access to Cloud.
-
Your password
-
A single-use code sent to your mobile phone
Using two pieces of information helps ensure that you are the only person that can access your account, even if someone else has your password.
Best practices
We recommend the following to ensure users with two-factor authentication can maintain access to Cloud:
-
Ensure that your organization has at least two staff members with the Admin role before enabling two-factor authentication. Only staff members with the Admin role can disable two-factor authentication. Granting this role to two users ensures that at least one account will always be able to access Cloud. For instructions, see Assign security roles.
-
Generate backup codes. Backup codes are single-use codes that enable you to log in if you cannot access your mobile phone, or if an administrator is unavailable to disable two-factor authentication for you.
Additional requirements for Working Papers users
Currently, two-factor authentication is only supported with Working Papers 2017.00.283 or later. If you are using an earlier version of Working Papers, an administrator must disable two-factor authentication for your Cloud account otherwise you will not be able to sign in.
To learn more about disabling two-factor authentication for individual accounts, see Enable two-factor authentication for your own account.
Enable two-factor authentication across your organization
Note: Staff and contacts can always enable two-factor authentication from their own accounts. For more information on enabling two-factor authentication for individual users, see Enable two-factor authentication for your own account.
You can enable two-factor authentication for all staff and contacts from the Settings page. You can also enable two-factor authentication for your account individually.
To enable two-factor authentication for staff and contacts:
-
Ensure you have the Settings Admin role or the equivalent permissions.
-
From the Cloud menu, select Settings | Security | Authentication and Session Management.
-
Select All Staff, All Contacts, or both. If you want either group to be able to opt out of two-factor authentication temporarily, select Allow user to skip setup until: and choose a date and time. This option is intended to allow users sufficient time to complete the setup process.
-
From the drop-down menu, select Every 30 days or Every sign in to set how often two-factor authentication is required when you sign in. You will need to provide a new code the first time you sign in from a new device regardless of your choice.
-
Select Save.
You have enabled two-factor authentication for staff and contacts. If you prefer, you can leave the decision to enable two-factor authentication up to individual users. For more information see Enable two-factor authentication for your own account.
Enable two-factor authentication for your own account
You can enable two-factor authentication for your own account at any time, even if it's not enabled across your organization. You'll need a valid phone number to enable this option.
To enable two-factor authentication for an individual account:
-
Select your avatar and choose My Settings.
-
From the sidebar, select Account Settings.
-
Select Enable, then choose your country from the Country drop-down menu.
-
Enter your mobile phone number in the Mobile Phone field, then select Update Phone Number.
-
Enter your password, then enter your verification code in the Verification Code field.
-
Select Verify.
You have set up two-factor authentication for an individual account. If you lose your phone, an administrator can temporarily disable two-factor authentication. For more information, see Disable two-factor authentication for a specific user.
Update your phone number
If you change your phone number, you'll need to update your two-factor settings . If you can no longer access your Cloud account, an administrator can temporarily disable your two-factor authentication (see Disable two-factor authentication for a specific user ).
To update your phone number:
-
Select your avatar, then select My Settings.
- From the sidebar, select Account Settings.
-
Enter your mobile phone number in the Mobile Phone field and select Update Phone Number.
-
Enter your password, then enter your verification code in the Verification Code field.
-
Select Verify.
You have updated your phone number. If you want to disable two-factor authentication for your account, you'll need to contact an administrator. For more information on disabling two-factor authentication, see Disable two-factor authentication for a specific user.
Generate backup codes
Backup codes enable you to log in if you cannot access your mobile phone, or if an administrator is unavailable to disable two-factor authentication for you. Backup codes are single-use, and must be generated while you have access to your account.
To generate backup codes:
-
Ensure you have enabled two-factor authentication for your account. To learn more, see Enable two-factor authentication for your own account
-
Select your profile picture and choose My Settings.
-
From the sidebar, select Account Settings.
-
Select Generate backup codes.
-
Enter your password, then select Continue.
-
Write down your backup codes and store them in a safe place, or select Download to store them in a TXT file.
-
Select Close.
You have generated backup codes. If you lose access to your backup codes and your mobile phone, you will need to contact an administrator to regain access to your account.
Disable two-factor authentication for a specific user
If you lose access to your mobile phone or change your phone number, you won't be able to access your account. To regain access, an administrator must temporarily disable two-factor authentication for your account. Note that if an administrator permanently disables two-factor authentication, you can't change your two-factor authentication phone number.
To disable two-factor authentication for a specific user:
-
Ensure you have the Admin role.
-
From the Cloud menu, select Staff or Contacts.
-
Choose a staff member or contact, and select Edit ().
-
Select Password; then choose Disable two-factor authentication.
-
Select Until: to allow a staff member or contact to opt out temporarily. This ensures that the staff member can access their account and change their two-factor authentication phone number if required. In the field, specify the date to automatically re-enable two-factor authentication.
-
Select Save.
You can disable two-factor authentication for other reasons as well. For example, you might disable two-factor authentication permanently because a staff member doesn't own a mobile phone, or has integrated certain Caseware software with Cloud. To learn more about how integrated software interacts with two-factor authentication, see Additional requirements for Working Papers users.