User Passwords & Multi-Factor Authentication
This section of the documentation includes details about managing passwords for access to InsightCloudSec. Note that this does not apply passwords and password requirements related to individual Cloud Service Providers.
Password Requirements
InsightCloudSec enforces the following password requirements:
A minimum of 12 characters to include: one special character, one uppercase character, one lowercase character, and one number.
Resetting Passwords
No SMTP Configured
For users with no SMTP configuration, a password reset will require an administrator to manually reset the password with a temporary password. The email notification capability is not available.
Forgotten Password
A password reset can be requested by the user through the forgot password link located on the InsightCloudSec sign-in form. Clicking this link triggers an email that will enable a user to reset their password. This option is available to new users as well as existing users.
In-App Password Reset
A user can change their password by navigating to their profile, confirming their existing password, and then creating a new password.
Admin Password Reset Request (SMTP)
A Domain Admin can select a specific user and generate an email that prompts the target user to reset their password.
- From the main navigation menu, select Administration > User Management and select the Users tab. Locate the user whose password you’d like to reset.
- Click the action icon to the left of their name and select Reset Password to generate a password reset email.
If a user attempts to login with expired credentials (e.g., using the previously active/correct password) after their Domain Admin has triggered the reset email, they will also be automatically redirected to the password reset function.
Email - Password Links
Any links received via email to reset a user's password are valid for 1 hour. After 1 hour a new email and link will have to be requested/generated.
Admin Password Reset Request (No SMTP) - A Domain Admin can select a specific user and generate a temporary password to share with the user manually.
- From the main navigation menu, select User Management, select Users, and find the user whose password you’d like to reset.
- Click the action icon to the left of their name and select Reset Password; confirm to generate the temporary credentials.
- Share these credentials with the target user; when they log in, the system will prompt them to update their password.
If a user attempts to login with expired credentials (e.g., using the previously active/correct password) after their Domain Admin has triggered the reset, they will also be automatically redirected to reach back out to the administrator.
Multi-Factor Authentication
Multi-factor authentication (MFA)--also known as two-factor authentication (2FA or TFA)--enhances security by verifying a user's identity using multiple methods of authentication from independent categories of credentials.
To set up a user for MFA in InsightCloudSec, an Admin will need to do the following:
- From the Administration Icon (gear) Administration > User Management, select the Actions menu for the user you want to assign MFA.
- Select Require MFA for User for the target user.
- Select Confirm on the dialog. The next time a user attempts to log in, they will be prompted to set up MFA.
Save the OTP Authentication Key - This token only displays once
- Users will need to download Google Authenticator for iOS or Android, as appropriate. You can find details on Google Authenticator here.