Overview
You can set security policies that control session expiration, maximum number of login attempts, and password expiration for your users in Kayako.
Prerequisites
- To edit any of the security and user registration settings, you will need an administrator account with the 'Manage system configuration' permission.
- Learn more about how Kayako safeguards your data on our product security page.
- Scale or Enterprise plans are required for configuring security login policies. It's not available on Inbox and Growth price plans. If you wish to upgrade your price plan to get this option, please contact the Sales Department by sending an email to Sales@kayako.com.
Diagnosis
Your organization may want to control user access by defining security policies that match those of your organization such as:
- Automatically log out users when they have been inactive for some time.
- Prevent further login attempts if they failed due to wrong credentials entered.
- Set password expiration time to prompt users to set a new password.
Kayako offers a range of account security options that allows you to control how your users access the system. As mentioned above, if your account is on Scale or Enterprise plans, you can configure these settings which all serve to protect Kayako from unsafe sessions and outdated passwords.
NOTE: If you are not on the Scale or Enterprise plans, you will only see the 'Help Center content' tab under the 'Security policies' configuration. The 'Agents' and 'Customers' tab will not be displayed.
Solution
- Sign in to the admin area.
- Click on Security policies in the sidebar.
- Choose either the 'Agents' or 'Customers' tab at the top. The configuration options will be the same for both types of users.
- In the 'Security policy' section, set the following options as needed:
- In the Session expiry field, set the number of hours a user can be inactive before they're automatically logged out.
- In the Maximum number of login attempts field, choose how many failed login attempts Kayako should allow before locking the account for several minutes.
- In the Password expiry field, enter the number of days that your Kayako passwords should remain valid. Kayako will prompt your users to reset their passwords, once this number of days has gone by.
- When you've finished making your changes, click the Save button.
Confirmation
- Session expiry - Users will be logged out automatically after the hours of inactivity configured in the settings.
- Maximum number of login attempts - After the number of failed logins specified, Kayako will prevent further login attempts for 2 minutes, then 4 minutes, then 8 minutes, and so on.
- Password expiry - After the number of days specified in the settings, users will be required to set a new password.