As a Emburse Professional Administrator, you are able to configure your company's security settings. You can set a minimum password rating, enter users who should receive failed login notifications, and set up multi-factor authentication.
This article shows you, a Emburse Professional Administrator, how to manage your company’s security settings.
1. On your Emburse Professional homepage, click the gear icon.
2. Click Security Settings.
3. Choose your company’s Minimum Password Rating. The Minimum Password Rating defines the level of complexity each password must achieve to be a valid password. The 4 levels are:
- Better: 3 password conditions met.
- Strong: 4 password conditions met.
- Stronger: 5 password conditions met.
- Strongest: 6 password conditions met.
The password strength conditions are:
- at least 6 characters (required)
- at least 8 characters
- one lowercase letter
- one uppercase letter
- one numeric character
- one special character: !@#$%^&*()_+=,.<>?;:/
For example, the password “Certifyrocks!” would be considered a “Stronger” password because it meets 5 of the 6 strength conditions (at least 6 characters, at least 8 characters, an uppercase and lowercase letter, and a numeric character).
Please Note: The Minimum Password Rating will only apply to passwords created or updated after the rule has been saved.
4. If desired, enter an email address or addresses to be notified when a user records a failed login attempt.
The users listed will be sent a daily notification of failed login attempts. The system will send one notification per day, even if there are no failed login attempts.
5. Select the checkbox if you’d like to require Multi-Factor Authentication (MFA) for all users. If you un-select the checkbox, each individual user will have the option to opt out of MFA. The end user will see the option on their My Account page.
MFA is replacing the use of security questions in Emburse Professional. MFA will be triggered when a user attempts to login to Emburse Professional from an unrecognized device, IP address, or web browser. When MFA is triggered, Emburse Professional will ask the user if they want a one time security code emailed or texted to their phone. The user will then need to enter the code in Emburse Professional to prove their identity. View our Help Center article on Multi-Factor Authentication for further information.