General
  • 26 Sep 2024
  • 2 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

General

  • Dark
    Light
  • PDF

Article summary

The General Security Setting pages controls whether Surpass Support personnel are allowed to login to your library and to define when and if you want inactive users to be logged out. There are also settings for patron/user password standards.

setting-security-general5

📺 Video Tutorials

An overview of General Security Settings is available on YouTube: General Security Settings

Settings

  • Allow Surpass Support to Log in - If this box is checked, Surpass Support personnel can login to your library system to provide assistance using their own login credentials instead of your sharing your own password with them. Un-check this box if you do not want Surpass Support to be able to login.
Surpass Software's development team has access to your backend database for the purpose of maintenance and backup regardless of this setting.
  • Inactivity timeout - Check this box to have users in the Surpass Cloud admin site logged out if they are inactive (no keyboard or mouse activity) after a certain amount of time. This is recommended to prevent un-authorized users from accessing Surpass Cloud while an authorized user has stepped away.

    • Minutes - The number of minutes of inactivity that will trigger automatic log-out.
Before you're logged out, Surpass Cloud will display a message asking "Are you still there?" If you respond "yes," to that message, you will not be logged out. If you don't respond within one minute, you will be logged out.
  • Enable multi-factor authentication
    Users of Surpass Cloud Admin (this application) will have the option to enable ma second layer of securityto their account using an authenticator app on their mobile device in addition to their credentials when they log in.

    • Multi-factor authentication is mandatory - Require that all users accessing Surpass Cloud Admin set up and use multi-factor authentication to access this application.
Multi-factor Authentication is enabled but not mandatory by default. Steps for the log in process can be found here Using Surpass Cloud : Log In.
  • Limit access to network(s) with specific IP addresses - Surpass Cloud Admin (this application) will be accessible only from devices connected to networks with these WAN (external) IP addresses. Use this with caution! It could lock you and other authorized users out of Surpass Cloud Admin. Use this only if your internet connection has a static (non-changing) IP address from your internet service provider. Changes made here affect all locations in your Surpass Cloud system.

Password Requirements

  • Minimum length - The minimum length of passwords.

  • Must be combination of digits and letters - Passwords must include both digits and letters. Passwords that contain only digits or contain only letters will not be accepted.

  • Must be mixed-case - Passwords must contain a mix of UPPERCASE and lowercase letters. Passwords that are all uppercase or all lowercase will not be accepted.

  • Must include non-alphanumeric characters - Passwords must contain at least one character that is neither a digit nor a letter (punctuation, math symbols, etc.).

  • Require patron to change password if non-compliant - If a user's existing password does not comply with the minimum requirements (perhaps it was added before the requirements were changed), this option will require that the user change the password on the next login.

  • Number of days temporary passwords are valid - Temporary passwords may be assigned on the Patrons View page (see Change Patron Passwords) or issued for Welcome Notices. When using a temporary password, the user is required to change their password upon log in to Surpass Cloud Admin, OPAC, or Self-Check. This setting defines the number of days that a temporary password remains valid.


Was this article helpful?

What's Next