03: What security options are available to me to strengthen the security in PolicyPak Cloud (Password length, 2FA options, etc.)
PolicyPak Cloud has ROLES which enable admins to set COMPANY WIDE security policies.
First, look to see who has the role of “Authentication Options” admin.
Then that person can set company wide policies.
Here are the specific company-wide policies available:
- Require 2Fa for PPC Login
- Require automatic logoff on idle
- Set email-based 2FA OTP lifetime
- Password strength rules
- Account lockout rules
- Password change rules.
The default values can be seen here, but all are changeable by the admin with the role “Authentication Options Admin.”
Notes:
- For “Require 2Fa for PolicyPak login” you can disable ONE 2FA method: Email or Application-based 2Fa. Customer cannot disable 2FA entirely for the organization without an agreement with Netwrix. Attempts to disable BOTH methods yields the message seen below. Additional notes on PolicyPak Cloud + 2FA can be found here: https://kb.policypak.com/kb/article/1241-03-policypak-cloud-2fa/
- For “Require automatic logoff on idle” the allowed range is 5 to 600 minutes.
- For “Set email-based 2FA OTP lifetime” the allowed range is 1 to 30 minutes.
- For “Password strength rules” you can see the various settings below. Note: Minimum length is 6 and the max is 99.
- For “Account lockout rules” you can see the settings and ranges below.
- For “Password Change Rules” you can see the values and ranges below.
Changes to any security posture in PolicyPak Cloud is logged to the Immutable Customer Log. Here’s an example change to the idle timeout time.
