How does Security function work?

This article mentions what you can do on the "Security" page of Team admin.

Index
・What's Security function?
・Password policy
　┗ Password policy you can edit:
　┗ Changes after the password policy is updated
・Login notification
・Account lockout
　┗ What you can modify
　┗ When an account is locked...
　┗ How to log back in after the account is locked out
・Reset member's password
　┗ How to set up　※You can't reset all members passwords at once.
・Login history
　┗The following information will be displayed:
・Security policy on Unipos

 

 

▼What's Security function?

• Password Policy
  You can set details for passwords such as the length, complexity, restrictions on using past passwords, and expiration.
  
  
• Password Resetting (Admin only)
  The adminin can reset the member's password.
  ​
• Account Lockout
  Account lockout can be activated when a user fails to login consecutively. Account can be locked for a designated period of time or the user must reset the password in order to log in again.
  ​
• Login Notification
  When a user logs in to Unipos, they can receive a notification e-mail.
  ​
• Login History
  The login data for the past 180 days can be searched and displayed.
  Info we can display: Date and time, e-mail address, login results (successful/unsuccessful), device information (OS: browser), and IP address​
  ​
• Session Timeout
  When a user is idle for a certain period of time, the session can be terminated. ​
  For more information, click ”Session timeout settings”.

 

▼Password policy

>Click "Team Admin" > "Security" > "Security Settings."
>"Password policy."

You can set up a password policy to enhance security by editing conditions for password history, number of letters, letters to use, etc. Please see below for details.

​

▽Password policy you can edit:

• Minimum number of letters for password (8 letters and up)
  The default setting is 8 letters.
  
  
• Restrictions on password letters
  You can choose the conditions on password letters from below:　
  　・No restrictions
  　・Include half-width alphanumeric letters.
  　・Include half-width alphanumeric letters, upper-case letters, and lower-case letters.
  　・Include half-width alphanumeric letters and signs.
  　・Include half-width alphanumeric letters, upper-case letters, lower-case letters, and signs.
  
  
• Restrictions on using past passwords
  Set 1 generation or more and 24 generations or less.
  You can choose whether users are allowed to reuse their past passwords.
  Example) If you set "1 generation", users can't reuse their previous password but can reuse any passwords older than that.
  
  
• Password expiration
  You can set up expiration period for users' passwords.
  Example) If you set "90 days", passwords will be expired 90 days after registration and will need resetting.

▽Changes after the password policy is updated

The login process will not be affected until members change their passwords next time.

If you would like to encourage members to change their passwords after the update of the password policy, you can do so through one of the following 3 ways.

• The admin resets applicable members' passwords from the "Team Admin" screen.
•  The admin contacts applicable members directly and ask them to change their passwords.
• Set an expiry date for the current passwords.

※Please refer to this page for how to reset members' passwords.

 

 

▼Login notification

>Click "Team Admin" > "Security" > "Security Settings."
>"Login notification."

Users can receive a login notification when they login to Unipos. This will allow users to identify unauthorized login by third parties in a timely manner.

​

 

▼Account lockout

>Click "Team Admin" > "Security" > "Security Settings."
>"Account lockout."

This function is available to protect accounts from attackers' attempts to guess users' passwords. If login attempts keep falling through after a certain number of times, the account will be locked for a designated period of time.
This is also applicable when users themselves fail to enter their passwords.

※The account lockout function cannot be disabled.

※If your organization uses SSO, this function will only be applied to the users who have an admin authority.

 

▽What you can modify

• Number of Login Failures
  The number of login failures allowed before the account is locked.
  The default number of login attempt is 10 before the account is locked out.
  
  
• Account Lockout Time
  The length of time before the account lockout is cancelled.
  The default account lockout attempt time is 15 minutes and the account will be locked out.
  

※The number of login failures and account lockout time cannot be left blank.

 

▽When an account is locked...

• The account can't be accessed even when the correct password is entered.
• An e-mail will be sent to your registered email address to notify that there may have been unauthorized login attempts.
• Account lockout won't be notified on the login screen.

 

▽How to log back in after the account is locked out

• The user or admin need to reset the password for the account.
• If you know the correct email address and password to log in, please wait until the account is unlocked and try logging back in.
  
  ※You will NOT receive a notification after the account is unlocked. Please wait longer than the specified account lockout time and log back in.

​

 

▼Reset member's password

Use this function when:

• You want to protect an account.
• You want to unlock an account.
• You want to reset a password for a user who has forgotten their password.

 

▽How to set up　※You can't reset all members passwords at once.

> Click "Team Admin" > "Member" 
> Choose a member you want to reset the password for.
> Click "Reset Password."

> Click "Reset."

 

The member will receive an e-mail to reset the password.

 

 

▼Login History

>Click "Team Admin" > "Security" > "Login History."

The system admin can monitor the history of login attempts in Unipos for the last 180 days.

 

▽The following information will be displayed:

• Date and time（The data and time is based on the team's registered time zone.）
• E-mail address used for login ※
• OS/browser information
• IP address

※You can search by e-mail address only. (Your input must exactly match the registered e-mail address.)

If you leave the e-mail address field blank, you can see the login history for all accounts.​
※If you use Unipos with a collaboration tool such as Slack or Teams, it will not be included in the login history.

 

 

▼Security policy on Unipos

Transmission encryption All transmission is encrypted with SSL/TLS.

Database encryption
All of our data stored by our members are valuable. Our data is saved in the encrypted database.

Reliable data center
Google has proven performance and excellent reliability.

We proudly use Google Cloud Platform:
https://unipossupport.zendesk.com/knowledge/articles/360031102672/ja?brand_id=360002333191 　

Cleared vulnerability assessment based on international security standard
Unipos has cleared a vulnerability assessment performed by a third-party organization. The assessment was based on ASVS 3.0 Level 1, which is an international diagnostic standard for software systems.

Secure information management
Unipos has obtained international security standard, ISO27001 (ISMS). We continue to strive for secure information management through third-party security audit.

See more details here.

All stored information, such as posted content and personal information, is encrypted and stored.