Articles in this section

How does Security function work?

  • Updated

※This function is available for organization with the Enterprise plan.

This article mentions what you can do on the "Security" page of Team admin.

Index
What's Security function?
Password policy
 ∟Password policy you can edit:
 ∟Changes after the password policy is updated
Login notification
Account lockout
 ∟What you can modify
 ∟When an account is locked...
Reset member's password
 ∟How to set up ※You can't reset all members passwords at once.
Login history
 ∟The following information will be displayed:
Security policy on Unipos

 

 

▼What's Security function?

  • Password Policy
    You can set details for passwords such as the length, complexity, restrictions on using past passwords, and expiration.
    See also: Setting Password Policy

  • Password Resetting (Admin only)
    See also: Reset Members' Passwords
  • Account Lockout
    Account lockout can be activated when a user fails to login consecutively. Account can be locked for a designated period of time or the user must reset the password in order to log in again.
    See also: Lock an Account After Consecutive Login Failure
  • Login Notification
    When a user logs in to Unipos, they can receive a notification e-mail.
    See also: Set Up Login Notification E-mail
  • Login History
    The login data for the past 180 days can be searched and displayed.
    Info we can display: Date and time, e-mail address, login results (successful/unsuccessful), device information (OS: browser), and IP address​
    See also: Check Login History
  • Session Timeout
    When a user is idle for a certain period of time, the session can be terminated. ​
    See also: Set Up Session Timeout

 

▼Password policy

>Click "Team Admin" > "Security" > "Security Settings."
>"Password policy."

You can set up a password policy to enhance security by editing conditions for password history, number of letters, letters to use, etc. Please see below for details.

▽Password policy you can edit:

  • Minimum number of letters for password (8 letters and up)
    (The default setting is 8 letters.)

  • Restrictions on password letters
    You can choose the conditions on password letters from below: 
     ・No restrictions
     ・Include half-width alphanumeric letters.
     ・Include half-width alphanumeric letters, upper-case letters, and lower-case letters.
     ・Include half-width alphanumeric letters and signs.
     ・Include half-width alphanumeric letters, upper-case letters, lower-case letters, and signs.

  • Restrictions on using past passwords
    You can choose whether users are allowed to reuse their past passwords.
    Example) If you set "1 generation", users can't reuse their previous password but can reuse any passwords older than that.

  • Password expiration
    You can set up expiration period for users' passwords.
    Example) If you set "90 days", passwords will be expired 90 days after registration and will need resetting.

▽Changes after the password policy is updated

The login process will not be affected until members change their passwords next time.

If you would like to encourage members to change their passwords after the update of the password policy, you can do so through one of the following 3 ways.

  • The admin resets applicable members' passwords from the "Team Admin" screen.
  •  The admin contacts applicable members directly and ask them to change their passwords.
  • Set an expiry date for the current passwords.

※Please refer to this page for how to reset members' passwords.

 

 

▼Login notification

>Click "Team Admin" > "Security" > "Security Settings."
>"Login notification."

Users can receive a login notification when they login to Unipos. This will allow users to identify unauthorized login by third parties in a timely manner.

 

▼Account lockout

>Click "Team Admin" > "Security" > "Security Settings."
>"Account lockout."

This function is available to protect accounts from attackers' attempts to guess users' passwords. If login attempts keep falling through after a certain number of times, the account will be locked for a designated period of time.

This is applicable when users themselves fail to enter their correct user name and password.

 

▽What you can modify

  • Number of Login Failures
    The number of login failures allowed before the account is locked. Leave blank to disable it.

  • Account Lockout Time
    The length of time before the account lockout is cancelled. Leave blank to disable it.

▽When an account is locked...

  • The account can't be accessed even when the correct password is entered.
  • An e-mail will be sent to the entered e-mail address to notify that there may have been unauthorized login attempts.

※Account lockout won't be notified on the login screen.

※If you need to use the locked account right away, please reset your password here or request the admin to reset your password.

 

▼Reset member's password

Use this function when:

  • You want to protect an account.
  • You want to unlock an account.
  • You want to reset a password for a user who has forgotten their password.

 

▽How to set up ※You can't reset all members passwords at once.

> Click "Team Admin" > "Member" 
> Choose a member you want to reset the password for.
> Click "Reset Password."

reset_password.png

> Click "Reset."

 

reset_complete.png

The member will receive an e-mail to reset the password.

 

 

▼Login History

>Click "Team Admin" > "Security" > "Login History."

The system admin can monitor the history of login attempts in Unipos for the last 180 days.

 

▽The following information will be displayed:

  • Date and time(The data and time is based on the team's registered time zone.)
  • E-mail address used for login ※
  • OS/browser information
  • IP address

※You can search by e-mail address only. (Your input must exactly match the registered e-mail address.)

If you leave the e-mail address field blank, you can see the login history for all accounts.​

 

 

▼Security policy on Unipos

Transmission encryption All transmission is encrypted with SSL/TLS.


Database encryption
All of our data stored by our members are valuable. Our data is saved in the encrypted database.

Reliable data center
Google has proven performance and excellent reliability.

We proudly use Google Cloud Platform:
https://unipossupport.zendesk.com/knowledge/articles/360031102672/ja?brand_id=360002333191  

Cleared vulnerability assessment based on international security standard
Unipos has cleared a vulnerability assessment performed by a third-party organization. The assessment was based on ASVS 3.0 Level 1, which is an international diagnostic standard for software systems.


Secure information management
Unipos has obtained international security standard, ISO27001 (ISMS). We continue to strive for secure information management through third-party security audit.

See more details here.

All stored information, such as posted content and personal information, is encrypted and stored.

 

Related articles