To modify your organization's AssureSign security settings, you must be an administrator in your organization across all your environments.
Important: An important part of managing security is implementing a process for disabling users when they are no longer with your organization, or when they should no longer have access to AssureSign documents. Tools are available within the AssureSign Administration section for managing user access, however you must implement procedures to ensure your organization’s policies regarding document access are met.
After logging in, if you are taken to a specific environment account such as on https://www.assuresign.net or https://sb.assuresign.net, you may return to manage your account the in following ways:
- go to https://account.assuresign.net in your browser, then select "Settings"
- from the start page, click on the VIEW MY ACCOUNT button, then select "Settings"
- click on My Profile in the upper right corner, then select "Settings"
You should then see security related settings:
Core Settings
Users must change their password on first login
We recommend you enable this so that when a new password is issued for a user they are required to change the password.
When someone enters the wrong user name or password
You may change the behavior for what occurs when a known user in your organization enters an invalid password. You may elect to
- allow users to continue to attempt to sign in ("Allow users to retry"),
- introduce a temporary lock which automatically releases ("Delay after each failure"),
- or lock the account after a specific number of bad attempts.
Note that a user's bad attempts count resets if they are unlocked or if they log in successfully. When a user's account is locked they will be unable to reset their own password and will require assistance from an administrator in your account.
How often should passwords expire
Options are to expire passwords after 30, 60, or 90 days. You may also select to not require password expiration. This should be set according to your organizations internal policies regarding user passwords.
A user's password must be at least ...
Options are minimum lengths of 8,9 or 10 characters. Users may elect to have longer passwords, but this will require they minimally create a password of the length you set here.
How long before a user can reuse a password
You may allow users to re-use their current password. If that is allowed then when they reset their password they will be allowed to enter their current password.
You may have a requirement that users' previous passwords are tracked so that they must provide new unique passwords when their password is reset. You may set this to track from 1 to 5 previous passwords.
Advanced Settings
IP Address Settings
You may enter ranges of IP addresses to either explicitly allow traffic to your account or to explicitly disallow.
If you enter ranges of IP address from which to allow traffic (whitelisting), then any traffic from an IP address not contained in your listed allowed ranges will be disallowed. For example, users that provide correct credentials to sign into your account but are coming from an IP address not covered by the entered allowed ranges will be told the IP address detected on their session is not allowed.
If you enter ranges of IP addresses from which to disallow traffic (blacklisting), then traffic from IP addresses in the disallowed ranges will be disallowed.
Typically, you would set only one or the other type of IP address settings.