Security Policies

Follow

Introduction

In Evolve Recruitment Marketing (RM), account/company security is maintained inside each provisioned account. Some default standards can be modified to meet the solution being configured. Each module usually requires modification to various roles and privileges. The default security policy has been designed to pass most security audits and penetration tests. The security policy(s) are assigned to users.

Audience

Company Administrator

Add or Edit Security Policy

Navigate to your user menu, then select Security.  

user menu security.png

Click Policies.

Policies menu.png

Click Add Security Policy to create a new security policy, or click Edit next to an existing security policy.

Add or Edit Policies.png

You can edit the following fields:

  • Policy Name - The name of the security policy.
  • Description - List anything in here to help users understand the policy.
  • Set as Default - To make the security policy the default for any new users created.
  • User Password Expires in - Can be set from 30 days to one year. After that time has passed, when the user logs in, they will be forced to change their password to continue.
  • Minimum Password Length - 8,10,12 characters are allowed.
  • Maximum Invalid Login Attempts - 3, 5,10 are permitted.
  • Session Timeout -The amount of inactive time before the user is forced to log in again. Ten minutes to eight hours is acceptable.
  • Enforce Password History - Forces the user to enter a new password and cannot be one of the past number of passwords. The enforcement can be the last three or five passwords.
  • Password Complexity - This enforces how passwords are constructed. The options are letters and numbers, upper- and lowercase letters and numbers, or upper- and lowercase letters, numbers, and digits.
  • Invalid Login Lockout Period - After a user tries an invalid login the maximum number of times, the account will be locked for this many minutes. 15, 30, or 60 minutes is acceptable.
  • Allowed to access IP Address subnet - This setting forces all users at the company to access Evolve RM from a list of IP address subnets.
    • Blank means there is no restriction.
    • Enter one or more IP Address subnets separated by commas. Example: 192.168.0.01/24
    • For more information on subnets or tools to generate a subnet, please check http://jodies.de/ipcalc (the value you use is Network).
    • NOTE:
      • If you enter an invalid subnet mask, you cannot log in to Evolve RM. To fix this issue, you will need to submit a Help Center Ticket.
      • Configuring a subnet mask and your employees log into the career site will force them to use a VPN or be in an office. This may reduce the usage of internal career sites to make referrals or internal job applications.
  • Allowed to access from Countries —This setting checks the country associated with a user's IP address when they try to access Evolve RM.
    • Add one or more 2-letter ISO country codes (separated by commas) if you wish to restrict access.
    • If the setting is blank, country restrictions are not enforced.
    • NOTE: If you put in one or more country codes (or invalid codes) here and your IP is not from those countries, you cannot log in to Evolve RM. Please submit a Help Center Ticket to fix this issue.

Add or Edit Policies Menu.png

Click Save to add the new policy or save your changes.

Was this article helpful?
0 out of 0 found this helpful