Security Preferences

Form ID: (SM201060)

You use this form to define security settings for your organization, such as the system password and the lockout policies for the user accounts, encryption certificates, and audit settings.

Form Toolbar

The form toolbar includes standard and form-specific buttons. For the list of standard buttons, see Form Toolbar and More Menu. The form-specific buttons are described below.
Button Description
Configure Azure AD

You can use this button to enable and maintain your instance's integration with Azure Active Directory (Azure AD).

For detailed steps on setting up Azure AD, see our online help pages. These pages also explain how you can use Azure AD to enable single sign-on (SSO) for your MYOB Advanced instance.

Summary Area

You use this area to set the password policy, account lockout policy, PDF encryption certificate, and audit settings.
Table 1. MYOB Notification
Element Description
Enable MYOB Notification

This checkbox is automatically selected for all MYOB Advanced instances. It allows MYOB Advanced users to receive popup notifications with important information about their MYOB Advanced system, for example, notice of scheduled upgrades or bank feed status updates.

To choose the types of notifications you receive, go to the Notification Group tab on the User Profile (SM203010) form.

Table 2. Enforce Secure Authentication
Element Description
Enforcement Date

This read-only field displays the date when Secure Authentication (two-factor authentication) logins will become compulsory for all users. Prior to this date, information messages will appear to users when they log in, giving them a link to the signup page for Secure Authentication, where they can set up a Secure Authentication login account that is linked to their MYOB Acumatica login. After this date, any user who does not have a Secure Authentication login will be redirected to the signup page automatically, and will not be able to use the MYOB Acumatica system until they have set up a login.
Table 3. Password Policy Section
Element Description
Force User to Change Password Every x Days

A check box that you select to require periodic password changes; if you select the check box, type the number of days (as an integer) that should pass before a user is prompted to change the password in the corresponding box. To let users leave the password unchanged, clear the check box.

By default, this check box is cleared.

Minimum Password Length x Characters

A check box that you select to enforce a minimum password length; if you select the check box, type in the corresponding box the minimum password length (as an integer) needed for user passwords. Clear the check box to not require a minimum password length.

By default, the check box is selected and the minimum length is 8 characters.

Password Must Meet Complexity Requirements

A check box that you select if each user password must have at least three of the following features: lowercase letters, uppercase letters, special symbols, and digits. Clear the check box to allow the password to be any ASCII string between the minimum password length and 10 characters. Blank passwords are prohibited.

By default, this check box is selected.

Additional Password Validation Mask

A regular expression that you can enter to enforce the company password policies.

For more information about using regular expressions, see Examples of the Usage of Masks and Regular Expressions.

Incorrect Password Alert

The message that the user receives if the password does not match the additional validation mask or regular expression (if any was set in the above box).
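
To try out a candidate validation mask against the rest of the password policy before entering it on the form, a small offline checker helps. The following is an added example, not code from MYOB or from this help page. The mask, the alert text, the treatment of "special symbols" as ASCII punctuation, and the rule that the mask must match the whole password are assumptions, and Python's regular expression engine may differ from the product's in advanced syntax.

```python
import re
import string

MIN_LENGTH = 8        # default minimum length from the section above
REQUIRED_CLASSES = 3  # "at least three of the following features"

# Hypothetical company mask (an assumption, not a product default):
# at least 12 characters and no whitespace.
EXAMPLE_MASK = r"^\S{12,}$"
EXAMPLE_ALERT = "Use at least 12 characters with no spaces."  # hypothetical


def character_classes(password):
    """Return the set of character classes present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.digits:
            found.add("digit")
        elif ch in string.punctuation:  # assumption: ASCII punctuation
            found.add("special")
    return found


def check_password(password, min_length=MIN_LENGTH, complexity=True,
                   mask=None, alert="Password rejected by validation mask."):
    """Return a list of policy violations; an empty list means accepted."""
    if not password:
        return ["Blank passwords are prohibited."]
    problems = []
    if min_length is not None and len(password) < min_length:
        problems.append(f"Shorter than {min_length} characters.")
    if complexity and len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append("Fewer than three character classes.")
    # The mask is applied in addition to the built-in checks.
    if mask and re.fullmatch(mask, password) is None:
        problems.append(alert)
    return problems
```

Passing `min_length=None` or `complexity=False` models the corresponding check box being cleared.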
Table 4. Two-Factor Authentication Policy Section

This section is available only if the Two-Factor Authentication feature is enabled on the Enable/Disable Features (CS100000) form.

Element Description
Two-Factor Authentication
The state of the two-factor authentication for all of the company's users that do not have their own setting specified on the Users (SM201010) form; select one of the following options:
  • None: Two-factor authentication is disabled.
  • Required: Two-factor authentication is required system-wide.
  • Required for Unknown Devices: Two-factor authentication is required for unknown devices.

By default, this box is set to None.

Allow Email

A check box that you select so that the authentication can be performed by an access code sent to the email address specified for a user.

Allow SMS

A check box that you select so that the authentication can be performed by SMS. For you to use this authentication method, an SMS provider needs to be configured on the SMS Providers (SM203535) form.

Table 5. Account Lockout Policy Section
Element Description
Lock Account After x Unsuccessful Login Attempts

The number of unsuccessful login attempts that will cause the account to be locked out.

The default value of this box is 3.

Lock Account for x Minutes

The number of minutes an account should be locked out after the defined number of unsuccessful attempts to sign in.

The default value of this box is 15.

Reset Lockout Counter After x Minutes

The number of minutes that must pass after the last login attempt before the system resets the lockout counter.

The default value of this box is 10.
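
The three lockout settings interact, and replaying a timeline of failed logins shows which combinations lock an account. The following model is an added example, not the product's implementation. It assumes that attempts made while an account is locked are rejected without being counted and that the counter restarts at zero after a lock is applied; the timelines are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    max_attempts: int = 3    # Lock Account After x Unsuccessful Login Attempts
    lock_minutes: int = 15   # Lock Account for x Minutes
    reset_minutes: int = 10  # Reset Lockout Counter After x Minutes


def simulate(failures, policy=LockoutPolicy()):
    """Replay failed-login times (minutes, ascending) for one account.

    Returns a list of (locked_from, locked_until) intervals under the
    assumptions of this model (see the text above the block).
    """
    locks = []
    counter = 0
    last_attempt = None
    locked_until = None
    for t in failures:
        if locked_until is not None and t < locked_until:
            continue  # account is locked; the attempt is not counted
        if last_attempt is not None and t - last_attempt >= policy.reset_minutes:
            counter = 0  # quiet period elapsed, so the counter resets
        counter += 1
        last_attempt = t
        if counter >= policy.max_attempts:
            locked_until = t + policy.lock_minutes
            locks.append((t, locked_until))
            counter = 0
    return locks


# Constructed sample timelines (minutes since an arbitrary start).
TYPO_BURST = [0, 1, 2]               # three quick failures
SPACED_TYPOS = [0, 1, 12]            # third failure after the counter reset
REPEATED = [0, 1, 2, 5, 17, 18, 19]  # failures continue after the lock ends
```

With the default values, `TYPO_BURST` locks the account from minute 2 to minute 17, while `SPACED_TYPOS` never reaches the threshold, so the Login Failed audit event remains the record of such attempts.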

Table 6. Timeout Settings
Element Description
Use WebConfig Value

A check box that indicates (if selected) that the timeout value specified in the web.config file will be applied to all tenants in the instance.

User Inactivity Timeout (Hours)

The time interval (in hours) of user inactivity after which a user will be forced to sign in again. The default value is 1. This box is available only if the Use WebConfig Value check box is cleared.
Table 7. Encryption Certificates Section
Element Description
DB Encryption Certificate

A read-only info box that displays the certificate used to encrypt data stored in the database.

PDF Signing Certificate

The default certificate to be used for signing PDF files. If a user has their own certificate, PDF files created by the user will instead be signed with the user certificate.
Table 8. Audit Section
Element Description
Keep Audit History for x Months

An integer that represents the number of months the system should keep the audit history of user operations.

The default value of the box is 999.

Login

A check box you select to audit each successful login.

By default, this check box is selected.

Login Failed

A check box you select to audit each failed login.

By default, this check box is selected.

Logout

A check box you select to audit each logout.

By default, this check box is selected.

Screen Accessed

A check box you select to audit each form accessed by users.

Attention: The event is logged only once for each form during a user session (when the user first opens the form).

By default, this check box is selected.

Session Expired

A check box you select to audit each instance of an expired session.

By default, this check box is selected.

License Exceeded

A check box you select to audit each instance of the number of allowed concurrent users being exceeded.

By default, this check box is cleared.

Send Email Success

A check box you select to audit each successful instance of a user sending an email through MYOB Acumatica.

By default, this check box is selected.

Send Email Error

A check box you select to audit each failed instance of a user sending an email through MYOB Acumatica.

By default, this check box is selected.

OData Refresh

A check box you select to audit each instance of accessing MYOB Acumatica data by using the OData interface.

By default, this check box is cleared.

Customization Published

A check box you select to audit each instance of publishing a customization on any form.

By default, this check box is cleared.

Security Contact Email

The security contact email is used for sending email alerts relating to site security, such as when a supplier's banking details are changed. It defaults to the email address of the site's original billing contact.

Notification Manager

Select someone in your company to receive popup notifications with important information about your company's MYOB Advanced system, for example, notice of scheduled upgrades or bank feed status updates.