Configure security settings to define how users access magnews and protect your account in a simple and controlled way.
These settings allow you to secure access, reduce the risks related to unauthorized use, and adapt the rules to how your team works, finding the right balance between security and ease of use based on your needs.
Where to find security settings
To view or edit your account security settings, follow this path: Settings > Users and security > Account security.
Here you can check the active rules and, if needed, customize them. If you have never made changes, you will find the default values already configured.
How to read security settings
Each parameter is associated with an icon that helps you quickly understand its status:
Custom value: you have modified the setting compared to the default
Default value: you are using the standard configuration
Non-editable value: this is a basic security rule, always active
To edit the available parameters, click Edit settings.
Account security settings
In the Account tab, you can configure general rules valid for all users.
- Session: you can define the duration of the user session. The session expires after a period of inactivity; when it expires, the user is required to enter the password again.
A longer duration makes daily work easier, but a shorter duration increases security, especially in shared workstations. - Automatic suspension: users who do not access the platform for a certain number of days are automatically suspended.
The rule applies to all users, but you can still set exceptions in the individual user profile. - Support (help desk support): if enabled, it allows the magnews support team to access your account. Access is used only when necessary and for support activities.
Security settings for username and password
These settings allow you to define more or less restrictive access rules.
Password
Password duration: defines how long the user’s password remains valid (from 15 days to 6 months). When it expires, the user must set a new one, different from the previous ones.
An unlimited expiration option is also available, but it is not recommended for security reasons.Maximum number of login attempts: defines how many times a user can enter an incorrect password (from 3 to 10 attempts).
Once the limit is exceeded, the user is locked.Lock duration: defines how long the user remains locked after too many failed attempts (from 30 to 90 minutes).
During this period, access to the account is not allowed.
Password requirements
Minimum length: defines the minimum number of required characters (from 4 to 20).
Password history: defines how many previous passwords cannot be reused (from 3 to 10).
Username
Minimum length: defines the minimum number of required characters (from 3 to 100).
Use of customer code: you can prevent the username from containing the customer code, for example to avoid easily guessable credentials.
However, if you use the email address as username and the domain contains the company name (usually the same as or similar to the customer code), this rule may prevent its use.
Reset default settings
With the Reset button, you can revert all values to magnews default settings.
To apply the changes, remember to click Save: this will replace the current settings with the default values.
If you click Reset but then exit without saving (or click Cancel), the changes are not applied and your settings remain unchanged.
Security settings for individual users
In addition to general settings, for each user you can decide to:
- Not suspend the user for inactivity
- Disable password expiration (note: in some countries, privacy regulations prohibit accounts with unlimited password validity)
- Restrict access to magnews only from specific IPs
To configure these operations, go to the individual user management page by following the path Settings > Users and security > Users > Username.
Click on the Edit button at the top right of the profile and, in the Security tab, configure the above settings