Simplifile security administration
This topic contains information and tasks for those setting up and managing the Simplifile environment.
Simplifile provides security policy options that can help control who has access to your data through Simplifile. The security policy settings affect everyone at your organization who uses Simplifile.
- Submitter administrators ‑ Open the Organization Security page (Administrator Role) topic Open the Organization Security page task For submitters.
The first step is to enable the security policy pages above is to open the applicable security policy page for your Simplifile organization.
When you open the applicable security policy page, you can do the following:
- Choose the organization Simplifile recognizes.
- Determine how often people at your organization must change their passwords and how many recent passwords must not be reused.
- Activate a second level (two‑factor) of password protection.
- Require users to authenticate with security questions.
- Require administrator users to use two‑factor authentication.
- Limit users at your organization from sharing an email address. Having multiple users us the same email address is strongly discouraged.
| Letter | Description |
|---|---|
| A | Mark the Enable password expiration box and enter the number of days that must pass before someone's password expires. |
| B | Mark the Enable password history restrictions box to set how may passwords must be used before a password can be used again. In the box, enter the number of passwords that must be changed before a password can be reused. |
| C | To require uses to require people to choose questions and answers that identify them when they reset passwords or call Support, mark the Require security questions box. |
| D | To require administrators to request a code they must enter before they can log in, mark the Require two factor authentication box. |
| E | To limit the email domains (the part of the email address after the @ symbol), users can have in their Simplifile accounts, mark this box then enter the email domains you want to allow. Check the plus sign (+) to add additional domains. |
In your organization’s security policy, when the Require security questions box is marked, the first time users try to open Simplifile they need to provide answers to six questions—five that Simplifile can use to verify their identity online, and one that Simplifile Support can use to verify their identity if they need to call in.
The users choose the questions they want to answer from a predetermined set of 26. The answers are encrypted and securely stored. Users can change the security questions at any time. For more information, see the Security Questions window topic Enter your security question choices and answers task.
On subsequent logins, if a user enters the password correctly within ten tries, he or she is logged in to Simplifile.
The following scenarios describe what happens during login if the organization’s security policy requires security questions and a user sets up answers to the security questions and then tries to log in to Simplifile:
- If the user enters his or her password correctly within ten tries, the person is logged in.
- If the user incorrectly enters his or her password ten times or clicks the Forgot Password link in the Simplifile Log In window to indicate that he or she has forgotten the password, Simplifile displays three of the five security questions for the person to answer. If all three security questions are answered correctly, Simplifile sends an email that contains a link to reset the password to the account email address on record.
- If a wrong answer is given for any of the questions, Simplifile displays a new set of three questions. If this happens three times, Simplifile locks the person’s account. The user must call Simplifile Support to have the account unlocked and reset the password.
For more information, see:
- Submitter administrators ‑ See the Organization Security page (Administrator Role) topic