Enable security policies for user authentication and session management to improve
application security. You can control the strength of user IDs and passwords, manage session
time-outs and the disabling of operator IDs, control the auditing of login events, and implement
CAPTCHA and multifactor authentication.

To manage security policies, you must have the pzViewAuthPoliciesLP privilege, which is
included in the PegaRULES:SecurityAdministrator role.

The password, lockout, audit, and operator ID disablement security policies are supported in
offline-enabled applications. Multifactor authentication policies are applied only when
two-factor authentication is used in custom authentication policies and in application case
flows. The operator disablement policy is not enforced unless the Disable Dormant Operators
agent is enabled.
- In Dev Studio, click .
- Configure the following policies:
  - Password policies
  - CAPTCHA policies
  - Lockout policies
  - Audit policy
  - Multi-factor authentication policies (using one-time password)
  - Operator disablement policy
- Click Submit.