Organization Security page (Administrator Role)

Overview

This topic provides information on how to use the Organization Security page.

IMPORTANT: Submitter user accounts must have the eRecording Administrator role to see the navigation bar Organizations > Security menu item.

Organization Security page with callout letters screenshot

Letter Description
A Mark the Enable password expiration box and enter the number of days that must pass before someone's password expires.
B Mark the Enable password history restrictions box to set how may passwords must be used before a password can be used again. In the box, enter the number of passwords that must be changed before a password can be reused.
C To require uses to require people to choose questions and answers that identify them when they reset passwords or call Support, mark the Require security questions box.
D To require administrators to request a code they must enter before they can log in, mark the Require two factor authentication box.
E To limit the email domains (the part of the email address after the @ symbol), users can have in their Simplifile accounts, mark this box then enter the email domains you want to allow. Check the plus sign (+) to add additional domains.

In your organization’s security policy, when the Require security questions box is marked, the first time users try to open Simplifile they need to provide answers to six questions—five that Simplifile can use to verify their identity online, and one that Simplifile Support can use to verify their identity if they need to call in.

The users choose the questions they want to answer from a predetermined set of 26. The answers are encrypted and securely stored. Users can change the security questions at any time. For more information, see the Security Questions window topic Enter your security question choices and answers task.

NOTE: Simplifile users can change their security questions and answers at any time from the My Settings page. For more information, see the My Settings page topic Change your identity verification questions task.

On subsequent logins, if a user enters the password correctly within ten tries, he or she is logged in to Simplifile.

The following scenarios describe what happens during login if the organization’s security policy requires security questions and a user sets up answers to the security questions and then tries to log in to Simplifile:

  • If the user enters his or her password correctly within ten tries, the person is logged in.
  • If the user incorrectly enters his or her password ten times or clicks the Forgot Password link in the Simplifile Log In window to indicate that he or she has forgotten the password, Simplifile displays three of the five security questions for the person to answer. If all three security questions are answered correctly, Simplifile sends an email that contains a link to reset the password to the account email address on record.
  • If a wrong answer is given for any of the questions, Simplifile displays a new set of three questions. If this happens three times, Simplifile locks the person’s account. The user must call Simplifile Support to have the account unlocked and reset the password.

The Security page provides several security options that can help control who has access to your data through Simplifile. The security policy settings affect everyone at your organization who uses Simplifile.

  • Choose which email domains Simplifile recognizes.
  • Determine how often people at your organization must change their passwords and how many recent passwords must not be reused.
  • Activate a second level (two‑factor) of password protection.
  • Require administrators at your company to enter a temporary code once a month to verify their access to Simplifile.
  • Let users at your organization share email addresses, although this is discouraged.

I want to ...

Open the Organization Security page

For submitters

  1. In the navigation bar, click Organizations. The Organizations page opens in the right panel.
  2. If needed, use the Filter field to display the wanted organization.
  3. In the Name/ID row, click on the blue link. The Organization Contact Information page opens and the navigation bar changes.
  4. In the navigation bar, click Security. The Security page for the organization opens in the right panel.

Set the email domains for user reports option

When the Limit email domain for users box is marked, your Simplifile environment only recognizes and allows access to email accounts from the entered domains.

NOTE: An email domain is the portion of the email address that follows the @ symbol.

  1. Open the Organization Security page.
  2. Use the Limit email domain for user report checkbox to enable or disable if the uses in the organization are required to use security questions:
    • To disable (turn off) the requiring of security questions, clear the box.
    • To enable (turn on) the requiring of security questions, mark the box.
  3. If you are enabling the email domain or domains for user reports, in the Email domains field,
    1. Enter the first domain in the box for which you want to allow access.
    2. For each additional domain for which you want to allow access, click the plus sign to display an additional box and enter the domain.

Set the password history restrictions option

  1. Open the Organization Security page.
  2. Use the Enable password history restrictions checkbox to enable or disable passwords history restrictions for all Simplifile users at your organization:
    • To disable (turn off) the password history restrictions, clear the box.
    • To enable (turn on) the password history restrictions, mark the box.
  3. If you are enabling the password history restrictions, in the Number of unusable previous passwords field, enter a number between 2 and 5.

Set the password security expiration option

The value in the Number of days until password expired field determines how many days pass before a password expires.

  1. Open the Organization Security page.
  2. Use the Enable password expiration box to enable or disable the password expiration for all Simplifile users at your organization:
    • To disable (turn off) the password expiration, clear the box.
    • To enable (turn on) the password expiration, mark the box.
  3. If you are enabling the password expiration, in the Number of days until password expires field, enter the number of days you want to pass before the current password expires. The default value is 90 days.

Set the Require security questions option

  1. Open the Organization Security page.
  2. Use the Require security questions checkbox to enable or disable if the uses in the organization are required to use security questions:
    • To disable (turn off) the requiring of security questions, clear the box.
    • To enable (turn on) the requiring of security questions, mark the box.

    IMPORTANT: When the Require security questions box is marked in the enabled security policy, the first time a new Simplifile user successfully logs in to Simplifile the Security Questions window opens and the user is required to provide answers to six questions. For more information, see the Security Questions window topic.

Set the Require two‑factor authentication (for administrator users) option

When the Require two‑factor authentication (for administrator users) checkbox is marked, administrators must enter temporary code once a month to verify their access to Simplifile.

  1. Open the Organization Security page.
  2. Use the Require two‑factor authentication (for administrator users) checkbox to enable or disable the two‑factor authentication for administrator users at your organization:
    • To disable (turn off) the two‑factor authentication, clear the box.
    • To enable (turn on) the two‑factor authentication, mark the box.