User Policies

User Policies allow administrators to manage the security configurations of their "User Accounts".

To edit a User Policy, navigate to the Web browser menu:

Policy Setup - Best Practices

Use the following steps to set up a series of User Policies for your company:

  1. Start by setting the Default Policy to be the minimum requirements for Password and Lockout
  2. Create additional Policies for more Levels of Access
    • Stricter password requirements
    • Fewer attempts before lockout
    • Longer lockout time or disable user to force manual re-enable
    • Require Two-Factor Authentication
      • When requiring Two-Factor Authentication, the user's configurations will usually be managed by an administrator directly
      • Self-managed YubiKeys, for example
  3. Apply stricter Policies to the appropriate Roles or Users
    • Policies may be reused for multiple roles and/or users
  4. For additional security, consider enabling Two-Factor Providers that users can easily self-configure and use if they wish:
    • Authenticator
    • YubiKey

Password Policy

Lockout Policy

(Not applicable to Reset users)

Enabling a Lockout Policy will lock users out of the application after a set number of consecutive failed sign-in attempts. Lockouts can last for a temporary duration or require an administrative reset.

A user with the Administer Users permission can re-enable users or reset the lockouts early.

Timeout Policy

(Not applicable to Reset users)

KeePass Inactivity Timeouts

The KeePass for Pleasant desktop client has additional timeout duration options:

Open Entries Will Remain Visible

Entries kept open when a Timeout occurs will remain visible:

Two-Factor Policy and Configuration

IP Filter Policy

Manage Account Policy

Policy Membership

Here is how Policies affect user memberships:

  1. Default Policy
    • One Default Policy may be set
    • The Default Policy is applied if no direct or Role Policies are found
  2. Users may be Assigned a Policy directly
    • To assign a Policy to a user go to:
      • Users & Roles > Manage Users and click the [Edit] link beside the name of the user you wish to assign the Policy to.
      • There will be a Policy dropdown box where you can select whether the user inherits Policies or is assigned a specific one.
        • A Policy assigned directly to a user will override Policies inherited from roles
  3. A Policy may be Inherited from a Role
    • To assign a Policy to a role go to:
      • Users & Roles > Manage Policies and scroll down to the "Role Policies" grid. 
      • Click the "Set Role Policy" button and a dialog will appear to select the Role and the Policy you would like to assign, as well as the priority for that Policy.
        • Each Role may only have one policy and one Policy priority
        • All of the User's Roles are checked for Policies
        • The Role Policies are ordered by the Policy Priority value (lowest value first). If a user has multiple Roles, the Role Policy with the lowest priority value is applied.
        • Role policies can be used to more dynamically apply Security, based on the Role(s) a User has
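
The precedence rules above can be checked offline with a small resolver. This is an added example, not Pleasant Password Server code: the data model, all names, and the sample configuration are hypothetical, and the reporting of equal priorities is an assumption because the page does not define tie behaviour.

```python
# Added illustration of the precedence rules above; not product code.
# The data model and every name below are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class RolePolicy:
    role: str
    policy: str
    priority: int  # lower value wins

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    direct_policy: Optional[str] = None  # None means "inherit"

def effective_policy(user, role_policies, default_policy):
    """Return (policy, source, tied_roles) for one user."""
    # A directly assigned Policy overrides anything inherited from Roles.
    if user.direct_policy is not None:
        return user.direct_policy, "direct", []
    # All of the user's Roles are checked; Roles with no Policy drop out.
    candidates = [rp for rp in role_policies if rp.role in user.roles]
    if candidates:
        best = min(candidates, key=lambda rp: rp.priority)
        # Assumption: the page does not define tie behaviour, so Roles
        # sharing the winning priority are reported for admin review.
        tied = sorted(rp.role for rp in candidates if rp.priority == best.priority)
        return best.policy, "role:" + best.role, tied if len(tied) > 1 else []
    # No direct or Role Policy found: the Default Policy applies.
    return default_policy, "default", []

# Constructed sample configuration.
ROLE_POLICIES = [
    RolePolicy("Staff", "Standard", 20),
    RolePolicy("Finance", "Strict-2FA", 10),
    RolePolicy("Contractors", "Lockdown", 10),
]
USERS = [
    User("alice", ["Staff", "Finance"]),
    User("bob", ["Staff"], direct_policy="Admin-Managed-2FA"),
    User("carol", ["Interns"]),                # Role without a Policy
    User("dave", ["Finance", "Contractors"]),  # equal priorities
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, *effective_policy(u, ROLE_POLICIES, "Default"))
```

Users whose source comes back as "default" receive only the minimum requirements, so they are the ones to review when a Role was expected to carry a stricter Policy.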