Login Settings
Use the Login Settings tab to configure general settings for login criteria.
Note: Any user discovered by an aggregation task appears in the identities lists and can be assigned work items. Before a user can access IdentityIQ and the work item, they must be validated by an authentication verification server.
Use Auto create user rules when adding users to the application. The first time a user logs in to the application and is verified by the pass-through server, the Auto create user rule creates an IdentityIQ user based on the specifications defined in the rule. Those rules are applied each time the user accesses the product.
The following table describes the login settings.
Specify an application to use as the authentication verification server for all users logging into IdentityIQ.
Specify an auto create user rule to use when creating IdentityIQ identities based on account attributes discovered during aggregations.
Click the [...] icon to launch the Rule Editor to make changes to your rules if needed. See Using the Rule Editor.
If you select Simple and are using the Lockout feature, users who are locked out do not receive a message providing that information.
Select a login error message style.
Simple – shows an error with no information about what is incorrect.
Detailed – provides information about the incorrect part of the login. For example: "Invalid password for user admin".
Specify how navigation is handled after a session times out and you log back in to that session.
If checked, the Home page is displayed. If not, the session returns to the page that was viewed at the time of the timeout.
Note: This option is only associated with the IdentityIQ password. It does not apply to the pass-through authentication application. For example, if a user is locked out of directly logging into IdentityIQ, but they enter the correct information on the pass-through authentication server, they are allowed into the application.
Enable a lockout period for users who enter the wrong authorization information.
Use the options that display to set the lockout parameters.
Specify the number of login attempt failures allowed before the user is locked out of IdentityIQ.
Specify the number of minutes a user is locked out of IdentityIQ before they can attempt to log in again.
Select this if you want users marked as "Protected" (such as the default spadmin user) to be treated the same as other users in authorization lockout. Leave it unchecked if you do not want protected users to be subject to lockout.
By default, only the spadmin user is marked as protected; if there are other users you want to protect from lockout, you can make them protected by adding a protected="true" flag to the user's Identity object in the Debug Pages.
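The lockout rules described above, modelled as an added Python example for reviewing which login paths a lockout actually covers. It is not SailPoint code or IdentityIQ's implementation. All class, field and function names are hypothetical, the "Login failed" and "locked out" message texts are constructed, and locking on the Nth failure and clearing the counter on success or lock are assumptions.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:               # hypothetical names mirroring the settings above
    max_failures: int = 3          # login attempt failures allowed before lockout
    lockout_minutes: int = 15      # minutes before the user may try again
    lock_protected: bool = False   # treat "Protected" users like other users
    detailed_errors: bool = False  # Detailed (True) vs Simple (False) message style

@dataclass
class User:
    name: str
    protected: bool = False        # e.g. the default spadmin user
    failures: int = 0
    locked_until: float = 0.0      # epoch seconds; 0 means not locked

def internal_login(policy, user, password_ok, now):
    """Login with the IdentityIQ password. Returns (allowed, message)."""
    # Protected users are only subject to lockout when the option is selected.
    subject = policy.lock_protected or not user.protected
    if subject and now < user.locked_until:
        # Simple style: the user is not told that the account is locked out.
        if policy.detailed_errors:
            return False, f"User {user.name} is locked out"
        return False, "Login failed"
    if password_ok:
        user.failures = 0          # assumption: success clears the counter
        return True, "ok"
    user.failures += 1
    if subject and user.failures >= policy.max_failures:
        user.locked_until = now + policy.lockout_minutes * 60
        user.failures = 0          # assumption: counter restarts after a lock
    if policy.detailed_errors:
        return False, f"Invalid password for user {user.name}"
    return False, "Login failed"

def passthrough_login(user, application_accepts):
    """Pass-through authentication: the IdentityIQ lockout state is not consulted."""
    return application_accepts
```

Because the pass-through path never reads the lockout state, failed-attempt limits for those users have to be enforced by the authentication application itself.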