General logon settings
Under the General tab of Logon Settings, you can configure the following settings.
CATPCHA Settings
Login CAPTCHA serves as a security measure against bot-based brute force attacks. Enabling this setting will display a CAPTCHA image on the login page. End-users must enter the characters shown in the CAPTCHA image to log into the AD360 web portal.
You can configure whether to always show CAPTCHA or only after a certain number of invalid login attempts. Apart from the CAPTCHA image, you can also enable Audio CAPTCHA to assist visually impaired users.
Steps to enable CAPTCHA:
- Log into AD360 as an administrator.
- Navigate to Admin → Administration → Logon Settings, and click the General tab.
- Select the option Enable CAPTCHA on the login page.
- Select Always show CAPTCHA if you want users to go through CAPTCHA verification every time they login.
- Select Show CAPTCHA after invalid login attempts if you want only those users who failed at login to go through the CATPCHA verification process.
- Enter the number of invalid login attempts after which the CAPTCHA verification should appear.
- Enter the threshold (in minutes) to reset the invalid login attempts. After the specified time period, the invalid login attempts will be reset.
- Illustration: Consider the following limits:
- Invalid login attempts limit ‘3’
- Reset the invalid attempts limit after ’30’ minutes
- In the above illustration, if a user fails login 3 times consecutively in a 30-minute time interval, then a CATPCHA image will be displayed. The user now has to enter the correct credentials, plus the characters shown in the CAPTCHA image, to successfully log into AD360.
- Select Enable Audio CAPTCHA to assist visually impaired users.
Note: When audio CAPTCHA is enabled, only digits will be shown in the CAPTCHA image. If a browser doesn’t support audio CAPTCHA, then the default CAPTCHA image (with letters and digits) will be shown.
- Click Save Settings.
Block Users Settings
Using this option you can block users from accessing AD360 after a certain number of invalid login attempts for a defined time interval. A blocked user cannot log into AD360.
Steps to block users:
- Log into AD360 as an administrator.
- Navigate to Admin → Administration → Logon Settings, and click the General tab.
- Select the option Block users after invalid login attempts.
- Enter the number of invalid login attempts after which the users should be blocked.
- Enter the threshold (in minutes) to reset the invalid login attempts. After the specified time period, the invalid login attempts will be reset.
- Enter the number of minutes users should be blocked.
- Illustration: Consider the following limits:
- Invalid login attempts limit ‘3’ within ‘5’ minutes.
- Reset the invalid attempts limit after ’30’ minutes
- In the above illustration, if a user fails login 3 times in a 5-minute time interval, then the user will be blocked from logging into AD360 for 30 minutes.
- Click Save Settings.
Other Settings
If you want to hide the ‘Forgot Password?’ link in the login page, then enable the Hide ‘Forgot Password?’ link in login page option.