Logins
Logging in to WorkBook can happen in one of 3 ways.
- Username & Password
- Username + LDAP Password
- SAML Authentication
For more information about these advanced login methods, see the link articles above.
For a user to successfully login to WorkBook, the following requirements must be satisfied.
- Username for the user is set
- The user is not blacklisted
- The account has not been inactive for more than the system variables allow
- The HireDate is less than today
- The EndDate is larger than today
Passwords
WorkBook has a fine-grained system for controlling password requirements. The following system variables can be used to configure password requirements.
633 / PasswordPolicyNumbers | Password must contain numbers (0123456789) |
634 / PasswordPolicySpecialChars | Password must contain special characters (~`!#$%^&*()-+=?|\/,;:) |
635 / PasswordPolicyLetters | Password must contain upper or lower case letters, or both |
244 / PasswordMinimumNumOfChars | Password mininum length |
708 / PasswordPolicyHistory | Is the user allowed to reuse old passwords: how many passwords should the system look back on? |
WorkBook can also control how often a user must change password, the system variable “154 / PasswordChange” controls this.
Remember me
WorkBook also allows you to control how long the remember me function should be valid, and if it should be limited to an certain ip range.
This is not implemented in Version 9
686 / LoginRememberMeAllowed | Login “Remember Me” allowed, yes/no |
687 / LoginRememberMeDayExpire | Login “Remember Me” cookie expires after x days (0 = no expiry date / no limits) |
688 / LoginRememberMeIPRange | IP range that is allowed to use “Remember Me” (Empty = no limits) IP Range format: 192.168.0.0/24 |
Account inactivity
An account can be disabled after X days of inactivity. If the user has not logged in during the period, the user’s password then needs to be changed by a system administrator to reactivate it. This is controlled by system variable: 713 / DisableAccountAfterDaysOfInactivity
Blacklisting
WorkBook has a built-in login blacklist. If an ip address makes too many attempts against a certain username, the remaining login attempts will not be validated and just rejected.
709 / MaxInvalidPasswordAttempts | How many times can a user attempt to login with a wrong password before the system will disable the user account? |
712 / InvalidPasswordLockoutTime | Invalid password: how much lockout time before relogin is possible |
Audit / Reporting
There are two relevant Data Exports named “Employee login status” and “Employee login session history” that will display information about the user’s login history.
In the license control panel, you can find an additional report displaying all users assigned a license in WorkBook.