Articles in this section

How does Security function work?

  • Updated

This article mentions what you can do on the "Security" page of Team admin.

This function is available on Enterprise plan.

 

Contents
What's Security function?
・ Password policy
・ Login notification
・ Account lockout
・ Reset member's password
・ Session timeout
・ Login history
・ Security policy on Unipos

 

▼What's Security function?

  • Password Policy
    You can set details for passwords such as the length, complexity, restrictions on using past passwords, and expiration.
    See also: Setting Password Policy

  • Password Resetting (Admin only)
    See also: Reset Members' Passwords
  • Account Lockout
    Account lockout can be activated when a user fails to login consecutively. Account can be locked for a designated period of time or the user must reset the password in order to log in again.
    See also: Lock an Account After Consecutive Login Failure
  • Login Notification
    When a user logs in to Unipos, they can receive a notification e-mail.
    See also: Set Up Login Notification E-mail
  • Login History
    The login data for the past 180 days can be searched and displayed.
    Info we can display: Date and time, e-mail address, login results (successful/unsuccessful), device information (OS: browser), and IP address​
    See also: Check Login History
  • Session Timeout
    When a user is idle for a certain period of time, the session can be terminated. ​
    See also: Set Up Session Timeout

 

▼Password policy

>Click "Team Admin" in the sidebar.
>Click "Security" in the sidebar.
>Click "Security Settings."
>Click "Password Policy" at the top of the page.

You can set up a password policy to enhance security by editing conditions for password history, number of letters, letters to use, etc. Please see below for details.

▽Password policy you can edit:

・Minimum number of letters for password (8 letters and up)
(The default setting is 8 letters.)

・Restrictions on password letters
You can choose the conditions on password letters from below:

  • No restrictions
  • Include half-width alphanumeric letters.
  • Include half-width alphanumeric letters, upper-case letters, and lower-case letters.
  • Include half-width alphanumeric letters and signs.
  • Include half-width alphanumeric letters, upper-case letters, lower-case letters, and signs.

・Restrictions on using past passwords
You can choose whether users are allowed to reuse their past passwords.

Example) If you set "1 generation", users can't reuse their previous password but can reuse any passwords older than that.

・Password expiration
You can set up expiration period for users' passwords.

Example) If you set "90 days", passwords will be expired 90 days after registration and will need resetting.

 

 

▼Login notification

Users can receive a login notification when they login to Unipos. This will allow users to identify unauthorized login by third parties in a timely manner.

 

▽How to set up

Click "Team Admin" in the sidebar.
>Click "Security" in the top right-hand corner.
>Click "Security Settings."
>Click "Login Notification", and "Edit" 
Click "Send" and save.

 

▼Account lockout

This function is available to protect accounts from attackers' attempts to guess users' passwords. If login attempts keep falling through after a certain number of times, the account will be locked for a designated period of time.

This is applicable when users themselves fail to enter their correct user name and password.

 

▽How to set up account lockout

Click "Team Admin" in the sidebar.
>Click "Security" in the top right-hand corner.
>Click "Security Settings."
>Scroll down to "Account Lockout."

Set up the number of login failures and account lockout time.

▽What you can modify

・The number of login failures allowed before the account is locked.
・The length of time before the account lockout is cancelled.

▽When an account is locked...

・The account can't be accessed even when the correct password is entered.
(Account lockout won't be notified on the login screen.)

・An e-mail will be sent to the entered e-mail address to notify that there may have been unauthorized login attempts.

*If you need to use the locked account right away, please reset your password here or request the admin to reset your password.

 

 

▼Reset member's password

Use this function when:

・You want to protect an account.

・You want to unlock an account.

・You want to reset a password for a user who has forgotten their password.

 

▽How to set up

Click "Team Admin" in the sidebar

> Click "Member" in the top right-hand corner.

> Choose a member you want to reset the password for.

> Click "Reset Password."

reset_password.png

> Click "Reset."

The member will receive an e-mail to reset the password.

reset_complete.png

 

▽What happens when I reset password?

You can deactivate the member's password from "Edit Members" screen.

By activating this function, ALL of the Unipos users will be automatically logged out.

Click here to reset password.

*You can reset password one by one from the "Member" page.

*You can't reset all passwords at once.

 

▼Session timeout ※Only web version

This feature mitigates the risk of exposure to the network when a member is away from their computer while they are still logged in.

By activating this function, user will be logged out when they don't perform any action for a certain period of time.

▽How to set up Session Timeout

Click "Team Admin" in the sidebar.
>Click "Security" in the top right-hand corner.
>Click "Security Settings."
>Scroll down to the bottom of the page and click "Session Timeout."
Enter the period of time in a half-width number.

​▼Note:

* This function is available only on the web platform.

* This setting will be deactivated by leaving the time field blank.

* When the SSO (Single Sign-On) setting is activated, members are not able to log in from the regular login screen.

Please inform the SSO login method to the members beforehand.

 

▼Login history

The system admin can monitor all the login attempt history on Unipos.​

 

▽How to check login history

> Click "Security" in the top right-hand corner.
> Click "Security Settings."
> Click "Login History."
Please follow the procedures above to see login history.

 

▽Here are the things an admin can monitor

Whether login was successful over the past 180 days.


The following information will be displayed:
・Date and time
・E-mail address used for login
・OS/browser information
・IP address


* You can search by e-mail address only. (Your input must exactly match the registered e-mail address.)

* The e-mail address used for login will be displayed. Please note members may have changed their registered e-mail address.

* If you leave the e-mail address field blank, you can see the login history for all accounts.​

 

 

▼Security policy on Unipos

Transmission encryption All transmission is encrypted with SSL/TLS.


Database encryption                                      All of our data stored by our members are valuable. Our data is saved in the encrypted database.

Reliable data center
Google has proven performance and excellent reliability.                      We proudly use Google Cloud Platform: https://unipos-support.zendesk.com/knowledge/articles/360031102672/ja?brand_id=360002333191  

Cleared vulnerability assessment based on international security standard
Unipos has cleared a vulnerability assessment performed by a third-party organization. The assessment was based on ASVS 3.0 Level 1, which is an international diagnostic standard for software systems.


Secure information management
Unipos has obtained international security standard, ISO27001 (ISMS). We continue to strive for secure information management through third-party security audit.

Related articles