Security Settings Tab

Use this tab to establish password life and password complexity parameters to apply across all companies.

You can also use this tab to activate verification of employee status at login, define system-wide parameters for one-time passcode authentication, and configure FIDO settings.

Login Settings

Use the fields and options in this group box to configure login settings for employees.

Field Description
Disable Inactive Users Period (Days)

In this field, enter the number of days after the last login date before a user becomes inactive. Enter zero to turn off validation.

Verify Employee Status at Login

Select this check box to have Costpoint verify that the linked employee ID is still active in the employee master.

If you select this check box, Costpoint compares the Deactivation Date on the Information tab of the Manage Users screen to the Termination date on the Employee Info tab of the Manage Employee Information screen. If the Termination date and the Deactivation Date are the same, the user can still enter Costpoint on that date. If the Termination date is later than the Deactivation Date, the user can no longer enter Costpoint.

Allow to use PIN on a mobile device

Select this check box to allow users to authenticate login using a personal identification number (PIN) instead of a password when logging in to Costpoint on a mobile device.

To use this functionality, users must first enter their correct password, keep the Use PIN check box selected on the mobile login page, and enter their PIN twice. The next time users try to log in to Costpoint, only the PIN will be required.

The Use PIN check box is selected by default. Users who opt not to use this functionality can select the Skip PIN setup check box when asked to set up the PIN upon login.

Note: This PIN is different from the PIN that is established in the 2FA Settings group box on the Authentication tab of the Manage Users screen. If 2FA is enabled for the user, the mobile PIN is unavailable for that user.

2FA Authentication

Use the fields in this group box to set up system-wide parameters for one-time passcode authentication.

Field Description
User Pin Required

Select this check box to enforce user PIN at login. The PIN for the specific user is set up in the 2FA Settings group box on the Authentication tab of the Manage Users screen and can be changed on the Configure User Preferences screen.

Passcode Valid For

Enter the number of minutes or hours for which the one-time passcode will remain active. From the drop-down list on the right of this field, select either Minutes or Hours.

For example, if you enter 20 and select Minutes, the one-time passcode will remain active for 20 minutes.

New Passcode Required After

Enter the login interval value. From the drop-down list on the right of this field, select the timeframe that indicates how long users can use the one-time passcode after a successful login on a device. Valid options are:

  • Minutes
  • Hours
  • Days
  • Weeks
  • Months

For example, if you enter 2 and select Weeks, a new passcode is required after two weeks. Users do not have to enter a one-time passcode for two weeks. If you enter 0, users are required to enter a passcode each time they log in to Costpoint.

Login Help Desk Message

Use this field to enter a Help Desk message that will display on the login screen when Costpoint asks for the one-time passcode. It is recommended that this message contain the Help Desk contact information in case a user does not receive the one-time passcode electronically.

FIDO Settings

Use the fields in this group box to restrict the use of certain FIDO devices for login and digital signing.

Field Description
Enforce User Verification

Select this check box to require all FIDO devices to have a biometric authentication component for user verification, such as a fingerprint. If this check box is not selected, a user can use any FIDO device.

Enforce Device Attestation

Select this check box to require all FIDO devices to have an attestation certificate that verifies the authenticity of the device.

Encrypt Offline Data on Laptops

Select this check box to require additional biometric authentication when using offline mode on laptops.

Tip: If you change the Allow Offline Access system setting, you should click Reset on the Login screen to clear the previously cached encryption and start a fresh session.

Capability URL Settings

Use this section to set how long self-service emails remain valid.

Field Description
URL Valid For

Enter the number of minutes or hours for which self-service emails will be valid.

Password Complexity (Used ONLY for Database Authentication)

Use the fields in this group box to strengthen the standard password rules. These options add additional restrictions to the standard password rules which are already enforced by Costpoint.

The following are standard password rules enforced by Costpoint:

  • New passwords cannot be the same as the old password.
  • New passwords must match their verification entry.
  • Passwords can contain alphanumeric characters and all special characters on the keyboard (!,#,$,%,&,(,),*,+,-,<,=,>,?,@,[,],^,_,{,},~).
  • If the Allow Reusing of Passwords check box is cleared on the Company Settings tab, the application will check the User Password History Table to determine if the password has already been used.
  • The password must contain at least eight characters.
  • The maximum password length is 20 characters.
  • The password must contain at least one alphanumeric character.
  • The password cannot contain any of the following:
    • User's first name
    • User's last name
    • User's first and last name
    • User ID
    • Employee ID
    • The word "password"

Field Description
Minimum Length

Use this field to enter the minimum character length (8-20) for a user's password on a system-wide basis.

Require Number

Select this check box to require at least one numeric character in the user's password on a system-wide basis.

Require Special Character

Select this check box to require at least one special character in the user's password on a system-wide basis.

Require Mixed Case

Select this check box to require at least one upper case and one lower case alphabetic character in the user's password on a system-wide basis.

Password Life

Use this field to enter the maximum number of days before users must change passwords. You can specify up to five numeric characters (entering all nines in this field would be the equivalent of 274 years). After the specified number of days has passed, a user cannot log in to Costpoint without changing their password.
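
The standard password rules and the Password Complexity options above can be checked against candidate passwords before rollout, for example to see what a stricter setting would reject. The following is an added example, not Costpoint code: the names Policy, check_password and was_used are hypothetical, matching of names and IDs is assumed to ignore case, and the listed special characters are assumed to define what counts as a special character.

```python
from dataclasses import dataclass

# Special characters as listed in the standard rules on this page; treating
# this list as the definition of "special character" is an assumption.
SPECIALS = set("!#$%&()*+-<=>?@[]^_{}~")
MAX_LENGTH = 20  # maximum password length from the standard rules

@dataclass
class Policy:
    """Options of the Password Complexity group box (field names illustrative)."""
    min_length: int = 8
    require_number: bool = False
    require_special: bool = False
    require_mixed_case: bool = False

def check_password(new, verify, old, identity, policy, was_used=None):
    """Return the violated rules; an empty list means the password is accepted.

    identity: (first name, last name, user ID, employee ID) as strings.
    was_used: hypothetical lookup into the password history, or None when
    Allow Reusing of Passwords is selected."""
    if not 8 <= policy.min_length <= MAX_LENGTH:
        raise ValueError("Minimum Length must be 8-20")
    def has(pred):
        return any(pred(c) for c in new)
    low = new.lower()  # assumption: banned-term matching ignores case
    banned = [t.lower() for t in (*identity, "password") if t]  # skip blanks
    checks = [
        (new == old, "same as old password"),
        (new != verify, "verification entry does not match"),
        (was_used is not None and was_used(new), "password already used"),
        (len(new) < policy.min_length, "shorter than Minimum Length"),
        (len(new) > MAX_LENGTH, "longer than 20 characters"),
        (not has(str.isalnum), "no alphanumeric character"),
        (any(t in low for t in banned), "contains name, ID or 'password'"),
        (policy.require_number and not has(str.isdigit), "Require Number"),
        (policy.require_special and not has(lambda c: c in SPECIALS),
         "Require Special Character"),
        (policy.require_mixed_case
         and not (has(str.isupper) and has(str.islower)), "Require Mixed Case"),
    ]
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    # Constructed sample user and candidate password.
    who = ("Dana", "Reyes", "DREYES", "E10442")
    print(check_password("dreyes2024", "dreyes2024", "Old#Pass1x", who,
                         Policy(min_length=12, require_special=True)))
```

The returned list names every rule the candidate breaks, so one run shows the combined effect of the standard rules and the selected options.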