Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

User account and login settings

Several system settings affect user accounts and logins to the Tenant Management Console and Search Console. To view and change these settings, you use the Console Security page in the Tenant Management Console.

To display the Console Security page, in the top-level menu of the Tenant Management Console, select Security Console Security.

NoteTo view and change user account and login settings, you need the security role.

User account and login settings control:

  • The minimum password length for locally authenticated HCP user accounts. Valid values are integers in the range two through 64 characters. The default is six.
  • The number of days after which locally authenticated users are automatically forced to change their passwords. Valid values are integers in the range zero through 999,999. The default is 180 days. A value of zero means users are never automatically forced to change their passwords.
    NotePassword expiration affects the use of the Tenant Management Console, Namespace Browser, and Search Console only. Users with expired passwords can continue to use those passwords with the HCP management API, namespace access protocols, metadata query API, and HCP Data Migrator (HCP-DM). Password changes, however, affect all the HCP interfaces.
  • The consecutive number of times a locally authenticated or RADIUS-authenticated user can enter an incorrect password before the user account is automatically disabled. Valid values are integers in the range zero through 999. The default is five. A value of zero means accounts are never disabled due to failed login attempts.

    After a user account is automatically disabled, you need to reenable it manually to allow the user to log in again.

    If the last locally authenticated user account with the security role is disabled due to failed login attempts and no group accounts have the security role, the user account is reenabled automatically after one hour.

    NoteA user account with both roles and data access permissions can be disabled by consecutive attempts to use the HTTP protocol or Namespace Browser with an invalid password. A user account with only data access permissions is not disabled by these actions.
  • The number of days an HCP user account can remain inactive before it’s automatically disabled. Valid values are integers in the range zero through 999. The default is 180 days. A value of zero means accounts are never automatically disabled due to inactivity.

    If no group accounts have the security role, the last locally authenticated user account with the security role is not automatically disabled due to inactivity.

  • The number of minutes a Tenant Management Console, Search Console, or Namespace Browser session can be inactive before it times out. Valid values are integers in the range zero through 999. The default is ten minutes. A value of zero means sessions never time out due to inactivity.

    When a session times out, the Console or Browser displays the Idle Timeout page. If you then select a page to display:

    • If the user explicitly logged in, the Console or Browser login page appears
    • In the case of single sign-on, the Console or Browser displays the selected page in the Tenant Management Console or Namespace Browser or the Simple Search page in the Search Console.
    TipIf the tenant supports AD authentication and has no HCP user accounts, the recommended session timeout interval is eight hours.
  • Message text to appear on the login page of the Tenant Management Console and Search Console. This text is optional. If specified, it can be up to 1,024 characters long and can contain any valid UTF-8 characters, including white space.

    The text you specify appears at the bottom of the login pages. You can use this text, for example, for messages such as Authorized Users Only or Welcome to the Finance Department HCP Management Console.

 

  • Was this article helpful?