|
|
Código: IDI-MA-01 |
Security Policies 🛡️
- Laura Ortiz
In order to provide greater security for the information stored in Sagicc, both for your business and your customers, we have developed the Security Policies module. This module offers a series of configuration parameters that will allow you to enhance the security of the Sagicc working environment, ensuring that only authorized individuals have access to the information. This way, the risks of vulnerability, such as compromised access passwords, among other key security aspects, are reduced.
Through the side menu, you can access the Security Policies module. Locate the “Parameterization” option, then the “Security” section, and click on “Security Policies” to be taken to the initial view of the module.
Once you enter the module, you will be able to access and configure a wide range of security parameters. Each of these parameters has a specific purpose and plays a special role in adding an extra layer of protection to the platform. Make the changes you deem necessary and click the "Save" button to apply the changes.
The available parameters are described below.
Authentication Policies
This set of parameters helps control the user authentication process on the platform:
Password Expiration (days): In this field, specify the number of days during which you want the users' password to remain valid after changing it. Once the specified days have elapsed, the platform will prompt users to change their password, and they must specify a new one to access the platform. If you do not wish to set a password expiration for your users, enter the value zero (0) in this field. This parameter will help maintain security by reducing the likelihood of compromised passwords remaining valid for a long time.
Failed Login Attempts: In this field, indicate the number of allowed failed login attempts for users. A failed attempt is recorded when the user provides an incorrect email and/or password when trying to access the platform. If a user exceeds the specified number of failed attempts, they will be required to wait for a certain period of seconds before attempting to log in again. This measure is essential to prevent brute force attacks and reduce the risk of unauthorized access to compromised accounts.
Password Format
This set of parameters significantly contributes to maintaining the security of access passwords set by users on the platform. These parameters allow specifying certain types of characters and a minimum length for passwords. You can enable or disable the following parameters according to your company's needs:
At least one lowercase letter: The platform will require passwords to contain at least one lowercase letter.
At least one uppercase letter: The platform will require passwords to contain at least one uppercase letter.
At least one number: The platform will require passwords to contain at least one number from 0 to 9.
At least one special character: The platform will require passwords to contain at least one of the following special characters:
! @ # $ % ^ & *.Minimum length: Here, you can specify the minimum length that user passwords must have. It is important to remember that a longer password tends to be more secure.
Data Protection
This section includes parameters designed to ensure that only authorized individuals can access specific information, thereby protecting data security. You can enable or disable the following options according to your business's needs:
Customer Contact Data Encryption: By enabling this option, customer contact information, such as phone numbers and email addresses, will be displayed in an encrypted format (e.g., ****abc@gmail.com) for users with the "Agent" role.
| Versión | Fecha | Comentarios |
|---|---|---|
| Versión actual (v. 5) | ene 29, 2025 21:04 | Laura Ortiz |
| v. 4 | ene 29, 2025 21:02 | Laura Ortiz |
| v. 3 | abr 01, 2024 22:01 | Laura Ortiz |
| v. 2 | abr 01, 2024 22:00 | Laura Ortiz |
| v. 1 | abr 01, 2024 20:21 | Laura Ortiz |