UPSSO ADMINISTRATION – GLOBAL APPLICATION SETTINGS

This document provides information about the global settings of the UPSSO application.

HOW TO ACCESS UPSSO SETTINGS

  1. Log in to the UPSSO application as an administrator.
  2. Click on the Settings link from the left side navigation menu.

DESCRIPTION OF EACH SETTING

CONFIG NAME | VALUE | DEFAULT VALUE | DESCRIPTION
--- | --- | --- | ---
Enable OTP For Admin | YES/NO | NO | If YES is selected, the system performs OTP verification for all UPSSO administrators when they sign in to the UPSSO portal.
Update LDAP Data In Database | YES/NO | YES | If YES is selected, whenever an LDAP user signs in to the UPSSO application her data is updated in the UPSSO database as per her LDAP record. If any data such as email or mobile is changed in LDAP, the same is updated in the UPSSO system.
OTP Timeout | Number of seconds | 60 | The number of seconds after which an SMS/Email OTP becomes invalid. For example, to set a 10-minute timeout, specify 600.
OTP Resend Button Active in Time | Number of seconds | 15 | The number of seconds it takes for the “Resend OTP” button to become active after entering the OTP. Decide this based on the expected delay for receiving an OTP by Email/SMS.
Enable Two Factor Authentication | YES/NO | YES | If NO is selected, the system will not ask any user to verify an OTP to connect to applications or devices.
Enable Two-factor Authentication Popup | YES/NO | YES | If NO is selected, the system will not prompt the user to select the OTP method when connecting to an application. The system will use the two-factor authentication method specified in the user profile.
Logout IDP on Receiving Logout Request From SP | YES/NO | YES | If YES is selected, the user is logged out of the UPSSO IDP whenever she logs out of any SAML SP such as CyberArk or Salesforce.
Password Complexity RegEX | A regular expression string | ((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{8,40}) | This regular expression is used to validate password complexity wherever a user enters a password. If AD integration is in place, make sure this password complexity rule matches the AD policy.
Password Complexity Message | An error message string | Password should contain Atleast one number, letter and special character | The message displayed to the user when the password complexity check fails.
Invalid Login Threshold | Number of times | 5 | The maximum number of times a user can enter invalid credentials. Once a user exceeds this threshold she is locked for a while.
User Lock Timeout | Number of seconds | 300 | The period in seconds after which a locked user is automatically unlocked.
Enable Auto Onboarding of LDAP User | YES/NO | YES | If YES is selected, whenever an LDAP user authenticates with UPSSO, her details are automatically created in the UPSSO database.
UPSSO Password Expire (in Days) | Number of days | 30 | The period after which the password expires for UPSSO users. The system forces users to change the password after this period.
Google Authenticator | | Checked | When unchecked, Google Authenticator won't be available to users for OTP verification.
SMS Authentication | | Checked | When unchecked, SMS won't be available to users for OTP verification.
SMS/E-Mail Authentication | | Checked | When unchecked, the "SMS/E-Mail" combination won't be available to users for OTP verification.
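
An added example, not part of the UPSSO documentation or product code: a small check that runs sample passwords through the default Password Complexity RegEX, for comparing the rule against the AD policy before changing it. It assumes the lookaheads read (?=.*\d) and so on; the page does not say whether UPSSO matches the whole string or searches within it, so both modes are shown, and the sample passwords are constructed.

```python
import re

# Assumed default "Password Complexity RegEX" (lookaheads written with ".*").
DEFAULT_PATTERN = r"((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{8,40})"

# The individual requirements the pattern encodes, used to explain a rejection.
RULES = {
    "digit": r"\d",
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "special (@#$%)": r"[@#$%]",
}


def accepts(pattern, password, whole_string=True):
    """True if the password passes. whole_string=True anchors both ends
    (like Java's String.matches); False mimics an unanchored search."""
    rx = re.compile(pattern)
    match = rx.fullmatch(password) if whole_string else rx.search(password)
    return match is not None


def failed_rules(password):
    """List the requirements of the default pattern that the password misses."""
    missing = [name for name, rx in RULES.items() if not re.search(rx, password)]
    if not 8 <= len(password) <= 40:
        missing.append("length 8-40")
    return missing


# Constructed sample passwords, e.g. ones that satisfy the directory policy.
SAMPLES = ["Passw0rd#", "Passw0rd!", "password", "Pw0#", "Aa1#" + "x" * 40]


def audit(pattern=DEFAULT_PATTERN, samples=SAMPLES):
    """Return {password: (anchored result, unanchored result, missed rules)}."""
    return {
        pw: (accepts(pattern, pw), accepts(pattern, pw, False), failed_rules(pw))
        for pw in samples
    }


if __name__ == "__main__":
    for pw, (anchored, unanchored, missing) in audit().items():
        print(f"{pw!r:48} anchored={anchored!s:5} search={unanchored!s:5} {missing}")
```

A password whose only symbol is "!" is rejected because the character class is limited to @#$%, and the 40-character ceiling holds only when the pattern is applied to the whole string.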