Security Preferences

Form ID: (SM201060)

You use this form to define security settings for your organization, such as the system password and the lockout policies for the user accounts, encryption certificates, and audit settings.

Form Toolbar

The form toolbar includes standard and form-specific buttons. For the list of standard buttons, see Form Toolbar and More Menu. The form-specific buttons are described below.
Button Description
Configure Azure AD

You can use this button to enable and maintain your instance's integration with Azure Active Directory (Azure AD).

For detailed steps on setting up Azure AD, see our online help pages. These pages also explain how you can use Azure AD to enable single sign-on (SSO) for your MYOB Advanced instance.

Summary Area

You use this area to set the password policy, account lockout policy, PDF encryption certificate, and audit settings.
Table 1. MYOB Notification
Element Description
Enable MYOB Notification

This check box is automatically selected for all MYOB Advanced instances. It allows MYOB Advanced users to receive popup notifications with important information about their MYOB Advanced system, for example, notice of scheduled upgrades or bank feed status updates.

To choose the types of notifications you receive, go to the Notification Group tab on the User Profile (SM203010) form.

Table 2. Enforce Secure Authentication
Element Description
Enforcement Date

This read-only field displays the date when Secure Authentication (two-factor authentication) logins will become compulsory for all users. Prior to this date, information messages will appear to users when they log in, giving them a link to the signup page for Secure Authentication, where they can set up a Secure Authentication login account that is linked to their MYOB Advanced login. After this date, any user who does not have a Secure Authentication login will be redirected to the signup page automatically, and will not be able to use the MYOB Advanced system until they have set up a login.

Table 3. Password Policy Section
Element Description
Force User to Change Password Every x Days

A check box that you select to require periodic password changes; if you select the check box, type the number of days (as an integer) that should pass before a user is prompted to change the password in the corresponding box. To let users leave the password unchanged, clear the check box.

By default, this check box is cleared.

Minimum Password Length x Characters

A check box that you select to enforce a minimum password length; if you select the check box, type in the corresponding box the minimum password length (as an integer) needed for user passwords. Clear the check box to not require a minimum password length.

By default, the check box is selected and the minimum length is 8 characters.

Password Must Meet Complexity Requirements

A check box that you select if each user password must have at least three of the following features: lowercase letters, uppercase letters, special symbols, and digits. Clear the check box to allow the password to be any ASCII string between the minimum password length and 10 characters. Blank passwords are prohibited.

By default, this check box is selected.

Additional Password Validation Mask

A regular expression that you can enter to enforce the company password policies.

For more information about using regular expressions, see Examples of the Usage of Masks and Regular Expressions.

Incorrect Password Alert

The message that the user receives if the password does not match the additional validation mask or regular expression (if any was set in the above box).

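The following is an added example, not part of the original help page and not MYOB code: a way to try out a candidate Additional Password Validation Mask against sample passwords, together with the minimum length and three-of-four complexity rule described above, before entering it on the form. The mask in COMPANY_MASK, the function names, and the treatment of "special symbols" as ASCII punctuation are assumptions made for illustration.

```python
import re
import string

# Defaults taken from the Password Policy section of this page.
MIN_LENGTH = 8
REQUIRED_CLASSES = 3  # "at least three of the following features"

# Hypothetical company mask (an assumption, not a product default):
# at least 12 characters, no whitespace, no character repeated 3 times in a row.
# Anchored with ^...$ so the result is the same whether the mask is applied
# as a search or as a full match.
COMPANY_MASK = r"^(?!.*(.)\1\1)\S{12,}$"


def character_classes(password):
    """Return the set of feature names present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.digits:
            found.add("digit")
        elif ch in string.punctuation:  # assumption: "special symbols"
            found.add("special")
    return found


def check_password(password, mask=COMPANY_MASK):
    """Return a list of policy failures; an empty list means accepted."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than minimum length")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        failures.append("fewer than three character classes")
    if mask and re.search(mask, password) is None:
        failures.append("does not match additional validation mask")
    return failures


# Constructed sample passwords, for illustration only.
SAMPLES = ["Summer24", "correct-Horse-7-staple", "Aaa111!!bbbb", "alllowercaseletters"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

The first sample passes the built-in length and complexity defaults but is rejected by the mask, which is the case the Incorrect Password Alert message needs to explain to the user.
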
Table 4. Account Lockout Policy Section
Element Description
Lock Account After x Unsuccessful Login Attempts

The number of unsuccessful login attempts that will cause the account to be locked out.

The default value of this box is 3.

Lock Account for x Minutes

The number of minutes an account should be locked out after the defined number of unsuccessful attempts to sign in.

The default value of this box is 15.

Reset Lockout Counter After x Minutes

The number of minutes that must pass after the last login attempt before the system resets the lockout counter.

The default value of this box is 10.

Table 5. Timeout Settings
Element Description
Use WebConfig Value

A check box that indicates (if selected) that the timeout value specified in the web.config file will be applied to all tenants in the instance.

User Inactivity Timeout (Hours)

The time interval (in hours) of user inactivity after which a user will be forced to sign in again. The default value is 1. This box is available only if the Use WebConfig Value check box is cleared.

Table 6. Encryption Certificates Section
Element Description
DB Encryption Certificate

A read-only info box that displays the certificate used to encrypt data stored in the database.

PDF Signing Certificate

The default certificate to be used for signing PDF files. If a user has their own certificate, PDF files created by the user will instead be signed with the user certificate.

Table 7. Audit Section
Element Description
Keep Audit History for x Months

An integer that represents the number of months the system should keep the audit history of user operations.

The default value of the box is 999.

Login

A check box you select to audit each successful login.

By default, this check box is selected.

Login Failed

A check box you select to audit each failed login.

By default, this check box is selected.

Logout

A check box you select to audit each logout.

By default, this check box is selected.

Screen Accessed

A check box you select to audit each form accessed by users.

Attention: The event is logged only once for each form during a user session (when the user first opens the form).

By default, this check box is selected.

Session Expired

A check box you select to audit each instance of an expired session.

By default, this check box is selected.

License Exceeded

A check box you select to audit each instance of the number of allowed concurrent users being exceeded.

By default, this check box is cleared.

Send Email Success

A check box you select to audit each successful instance of a user sending an email through MYOB Advanced.

By default, this check box is selected.

Send Email Error

A check box you select to audit each failed instance of a user sending an email through MYOB Advanced.

By default, this check box is selected.

OData Refresh

A check box you select to audit each instance of accessing MYOB Advanced data by using the OData interface.

By default, this check box is cleared.

Customization Published

A check box you select to audit each instance of publishing a customization on any form.

By default, this check box is cleared.

Security Contact Email

The security contact email is used for sending email alerts relating to site security, such as when a supplier's banking details are changed. It defaults to the email address of the site's original billing contact.

Notification Manager

Select someone in your company to receive popup notifications with important information about your company's MYOB Advanced system, for example, notice of scheduled upgrades or bank feed status updates.

Allowed External Identity Providers Table

By using this table, you can configure and enable single sign-on with the supported external identity providers.

Attention:

All providers added as part of a customization project are available only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features form.

Table 8. Table Columns
Column Description
Provider Name

The external identity provider. MYOB Advanced supports the following external identity providers:
  • Google
  • Microsoft Account

Active

A check box you select to allow your users to sign in with the external identity provider credentials. Clear the check box to disable single sign-on with the selected external identity provider.

Realm

The full URL of the MYOB Advanced instance—for example, https://www.example.com/my_instance.

Application ID

The client ID provided when you register your application instance with the external identity provider.

Application Secret

The client secret provided when you register your application instance with the external identity provider.