Manager settings

To configure the manager settings for accessing the Operator Control Panel:

  1. Go to Security Settings (see Navigation). The Security Settings page is displayed.
  2. Go to the Manager settings tab. 

  3. In the SignOn method list, select one of the following items and configure the selected method:

  4. Click Update.

External Active Directory

If the External Active Directory item is selected in the SignOn method list:

  1. In the SSO group, select Add a provider.
  2. In the appeared list, select the checkboxes for the required authentication providers and click Save. For details, see SSO providers for Operator Control Panel.

Embedded

If the Embedded item is selected in the SignOn method list:

  1. Optionally, to activate signing in to the Operator Control Panel with an external account (for example, with a Microsoft account — see Signing in to the Operator Control Panel with Microsoft):

    1. In the SSO group, select Add a provider.
    2. In the appeared list, select the checkboxes for the required authentication providers and click Save. For details, see SSO providers for Operator Control Panel.
  2. To configure the expiration rules of a password, set the following options in the Password expiration rules group:
    1. Turn On the Activate switch.
    2. In the Password Days to Expire field, enter the number of days when a manager need to change the password.
    3. In the Notice Days field, enter the number of days before the password expiration when a reminder about the password expiration is displayed to a manager on an attempt to log in.
  3. To configure the deactivation rules for a manager, set the following options in the Deactivation rules group:
    1. Turn On the Activate switch.
    2. In the Expire after Days field, enter the number of days after the last manager login when a manager will be deactivated.
  4. In the Multi-factor Authentication (MFA) group, configure how managers use MFA on the second authentication step (see Signing in to the Operator Control Panel with manager's credentials):
    1. In the Trusted devices expire in, months field, enter the period in months during which a device used by a manager to log in to the Operator Control Panel is considered trusted, so the second authentication step is skipped. The default value is 1. The minimum value is 0 (devices are never considered trusted, so the second authentication step is displayed on every login attempt). The maximum value is 12.
    2. With the Mandatory use switch, choose whether using MFA is required for all managers of the reseller. By default, the switch is Off, and managers can independently decide on using MFA (see Configuring manager's MFA methods).

General security settings that are always applied in the Operator Control Panel:

  • It is not possible to forbid the use of MFA.
  • After 5 unsuccessful login attempts, a manager is blocked for 2 minutes.
  • The blocking period is doubled after every next 5 unsuccessful login attempts.
  • Unsuccessful login attempts at the first and second authentication steps are summed up.
  • The unsuccessful attempt counter is reset only after a successful login.