If enabled, a variety of further password-related items are made available for configuration, and password expiry and length limits are enforced.

 

If enabled, Users must include a upper-case character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, Users must include a lower-case character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, Users must include a numeric character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, Users must include a symbol-type character when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

The number of days a password is valid for before it needs to be changed by the User on next login.

 

This option is only available if Enforce Password Policy is enabled.

 

The minimum length of a password that can be set for Users.

 

This option is only available if Enforce Password Policy is enabled.

 

If enabled, Users cannot reuse a recent password when changing their password.

 

This option is only available if Enforce Password Policy is enabled.

 

How many consecutive failed login attempts a User can make before they are automatically temporarily locked out. It can range between 1 and 100 attempts.

 

How long (in minutes) a User will be locked out if they trigger the automated lock for failed login attempts. It can range between 1 and 60 minutes.

 

If enabled, then Users who have been assigned the User Manager licence part will be allowed to create and import new Users.

 

If enabled, then Users who have been assigned the User Manager licence part will be allowed to create and import new Groups.

 

If enabled, then Users who have been assigned the User Manager licence part will be allowed to manage licence part assignment for Users. The usual restrictions remain around not being able to modify any Users with the System Manager licence part, or anyone who isn't a member of a shared Group.

 

Agent Guidance will accept external connections from any hostnames specified in this list. If no options are configured or it has a value of *, then all originating hostnames are permitted (global whitelist).

 

Note: If using an SSO authentication scheme, then this option must either be a globally whitelisted or include the SSO's origin. Failure to do so will cause login attempts to be rejected as from an untrusted origin.

 

If enabled, an additional security measure will be enabled to prevent Cross-Site Request Forgery attacks. This should have no impact on legitimate usage of the application, but will prevent targeted attacks against privileged Users to affect the Agent Guidance System.

 

If enabled, then the login screen will offer the ability to request a password reset. This requires that the User has a configured email address, that the default email Connector is configured, accurate, and active, and that the Message Processing Service is active.

 

For security reasons, the User will be given no indication if they enter a non-existent username into the request. They will also see a notification that an email has been sent, even if it is waiting in the queue with non-functional mail credentials or a disabled Message Processing Service.

 

If enabled, login details will be remembered following the next successful login.

 

If operating Agent Guidance within another web application such as Genesys Cloud as an embedded or iframed window, then this setting must be enabled as part of the directions provided in the Operating Agent Guidance within an Iframe article.

 

If enabled, then login will only be allowed via Single Sign On. This option is only enforced if there is at least one Single Sign On Connector that is currently active.