Simplifile security administration (for administrators)
This topic contains information and tasks for those setting up and managing the Simplifile environment.
Simplifile provides security policy options that can help control who has access to your data through Simplifile. The security policy settings affect everyone at your organization who uses Simplifile.
- Submitter administrators ‑ Open the Organization Security page (for administrators) topic Open the Organization Security page task For submitters.
The first step is to enable the organization security policy pages above is to open the applicable organization security page for your Simplifile organization.
When you open the applicable organization security policy page, you can do the following:
- Choose the organization Simplifile recognizes.
- Determine how often people at your organization must change their passwords and how many recent passwords must not be reused.
- Activate a second level (two‑factor) of password protection.
- Require users to authenticate with security questions.
- Require administrator users to use two‑factor authentication.
- Limit users at your organization from sharing an email address. Having multiple users us the same email address is strongly discouraged.
The Organizatoin Security page is used to:
-
Enable password expiration
-
Enable password histroy restrictions.
-
Enable minimum password length.
-
Change default for user session timeout.
-
Require security questions
-
Require two-factor authenticaton
-
Change two-factor authentication frequency.
-
Limit two-factor authenticaton to these options.
-
Limit email domain for user reports.
-
Limit email domain for user invitations.
-
Limit user invitations to organization administrators.
-
Allow non-unique user email addresses.
-
Allow administrators to define usernames.
-
Require users to authenticate through SAML.
-
Allow administrators to create new organizations.
| Letter | Description |
|---|---|
| A | If Enable password expiration is marked, you can choose the number of days that must pass before someone’s password expires. |
| B | If Enable password history restrictions are marked, you can choose the number of passwords a person must cycle through before a password can be used again. |
| C | If Require security questions are marked, each Simplifile user must choose security questions and give answers that Simplifile uses to identify the person when a password is reset or when the person calls Support. |
| D | If Require two factor authentication is marked, administrators must request an emailed code they enter before they can continue to login. Two-factor authentication (2FA) is often called multifactor authentication (MFA) and vise versa. |
| E | If Change default two-factor authenticatoion frequency is marked, administrators can adjust the frequency of the two-factor authentication (*2FA) will be required for every login. |
| F | If Limit two-factor authention to these options is marked, administrators can limit the options availalbe to user when entering their second factor. |
In your organization’s security policy, when the Require security questions box is marked, the first time users try to open Simplifile they need to provide answers to six questions—five that Simplifile can use to verify their identity online, and one that Simplifile Support can use to verify their identity if they need to call in.
The users choose the questions they want to answer from a predetermined set of 26. The answers are encrypted and securely stored. Users can change the security questions at any time. For more information, see the Security Questions window topic Enter your security question choices and answers task.
On subsequent logins, if a user enters the password correctly within ten tries, he or she is logged in to Simplifile.
The following scenarios describe what happens during login if the organization’s security policy requires security questions and a user sets up answers to the security questions and then tries to log in to Simplifile:
- If the user enters his or her password correctly within ten tries, the person is logged in.
- If the user incorrectly enters his or her password ten times or clicks the Forgot Password link in the Simplifile Log In window to indicate that he or she has forgotten the password, Simplifile displays three of the five security questions for the person to answer. If all three security questions are answered correctly, Simplifile sends an email that contains a link to reset the password to the account email address on record.
- If a wrong answer is given for any of the questions, Simplifile displays a new set of three questions. If this happens three times, Simplifile locks the person’s account. The user must call Simplifile Support to have the account unlocked and reset the password.
For more information, see:
- Submitter administrators ‑ See the Organization Security page (for administrators) topic
Security options
Simplifile provides several security options that can help control who has access to your data through Simplifile. Password policy settings affect everyone at your institution who uses Simplifile.
The first step is to enable the password policy for Simplifile. After you do this, you can determine how often people at your organization must change their passwords, and how many recent passwords must not be reused.
You can also activate a second level of password protection by requiring Simplifile users to set up security questions Simplifile can use to verify identity when a password reset is required. After you do this, the first time someone logs in, that person must provide answers to several questions—some that Simplifile can use to verify the person’s identity online, and one that Simplifile Support can use to verify the person’s identity if the person calls in.
Another security measure you can activate is to require administrators at your company to enter a temporary code once a month to verify their access to Simplifile.
Each person chooses the security questions they want to answer from a predetermined set of 26, and can change their security questions and answers at any time. Answers to the questions are encrypted and securely stored.
| Letter | Description |
|---|---|
| A | Selecting Edit security questions button displays the Security Questions window that someone sees when they first set up their security questions. |
The following scenarios describe what happens during login if you require security questions and someone sets up answers to the security questions and then tries to log in to Simplifile:
- If the person enters his or her password correctly within a set number of tries, the person is logged in.
- If the person clicks to indicate that he or she has forgotten the password, Simplifile randomly displays three of the five questions. Correct answers for all three questions result in Simplifile sending an email to the person that contains a link to reset the password for the person’s account.
- A wrong answer for any of the questions causes Simplifile to display a new random set of three questions. If this happens three times, Simplifile locks the person’s account. The person may be able to reset his or her own password, or you may be able to send a password reset that unlocks the account. Otherwise, you must call Simplifile Support to reset the person’s password. For more information, see Sending a password reset notification.
- If the person incorrectly enters his or her password more than the set number of times, the person is locked out. The person may be able to reset his or her own password, or you may be able to send a password reset that unlocks the account. Otherwise, you must call Simplifile Support to unlock the account. For more information, see Unlocking a locked user account.
How to set up security measures
How to set up security measures
- In the navigation menu, select the Organizations item.
- On the Organizations page, select the name of the organization for which you want to set up security measures.
- In the navigation menu, select the Security item.
- To turn off the security policy for all Simplifile users at your institution, unmark Security policy enabled. To activate the policy, mark the box.
- Do any of the following:
- To set how many days should pass before a password expires, make sure Security policy enabled is marked. Then enter the number of days in the Number of days until password expires field.
- To set the number of passwords Simplifile users at your institution can rotate through before you can reuse a password, make sure Security policy enabled is marked. Then mark Enable password history restrictions and enter how many passwords cannot be reused.
- To require Simplifile users at your institution to complete password reset security questions that will be used as identifiers if they need to reset their password, make sure Security policy enabled is marked. Then mark Require security questions.
- To require that administrators enter a code once a month to verify their access, make sure Security policy enabled is marked. Then mark Require two factor authentication.