Configuring Organization Security Policies
Last updated
Last updated
📘 Organization Security Policies are part of our Enterprise plans. Please contact us if you are interested in this feature.
A number of configurable security policies are available that apply to all members of your organization.
To access policies, go to Org Settings and click the Security Policies tab. Admins will see a new Policies section that contains all new organizational security policy settings. Only admins can manage these policies.
This policy ensures that team member passwords get reset frequently.
This policy is configured as the number of days between password reset.
Instructions
Toggle on the switch to the right of ‘Expire Passwords’ in the Policies section
You will see a field appear called ‘Expiration Time in Days’
Set this field to the desired number of days, such as 90
Click Update Policies at the bottom of the page to Save
This policy will lock out a team member if they fail too many times to login, as a prevention against hackers or brute force attacks.
This policy requires 3 values: the number of failed attempts that are allowed (X), the amount of time allotted to successfully login in minutes (Y), and the amount of time that the team member will be locked out of their account if they fail to login in minutes (Z).
Instructions
Toggle on the switch to the right of ‘Lockout Team Members After Failed Login Attempts’ in the Policies section
You will see 3 fields appear
Fill out values for X Failed Attempts, Y Minutes, and Z Minutes Locked Out. Sample values would be 6, 10, and 3. (6 Failed Attempts in 10 Minutes Results in 3 Minute Account Lockout) Click Update Policies at the bottom of the page to Save
This policy ensures that team members are logging into the Nami Control Center regularly, and that inactive team member accounts aren’t vulnerable.
This policy is configured in days.
Instructions
Toggle on the switch to the right of ‘Disable Inactive Team Members’ in the Policies section
You will see a new field appear called ‘Inactivity Time Period in Days’
Enter a value for the Inactivity Time Period, such as 90 days
Click Update Policies at the bottom of the page to Save
There are 2 values governing how long team Nami Control Center member sessions are. Inactive Session Length refers to how long a team member can be inactive on their device before the system logs them out. Max Session Length refers to the total session length a team member can have, regardless of activity.
Both values are configured in minutes. Nami sets defaults for these session values, but you can configure them to be shorter.
For an example: the Inactive Session Length is 10 minutes and the Max Session Length is 20 minutes. A team member logs in on their browser and then checks email for 10 minutes, leaving the Nami Control Center open but inactive in another tab. When they return to the Nami Control Center, they will have been logged out. However another team member logs in on their browser and works in the Nami Control Center for 20 minutes straight. After 20 minutes, the Control Center logs them out and requires them to log in again, even though they have been active.
Instructions
Navigate to the bottom of the Policies section
Inactive Session Length is set by default to 14 days, or 20160 minutes. To change this policy, set this value to a lower number such as 30 minutes.
Max Session Length is set by default to 14 days, or 20160 minutes. To change this policy, set this value to a lower number such as 90 minutes.
Click Update Policies at the bottom of the page to Save
Max Session Length must be greater than or equal to Inactive Session Length
