Password Settings

Password Settings

Note: The settings in this section only apply to the User's Login Password.  They do NOT apply to the Master Password or the Vendor's Login Password. 

• Minimum length of the password is:  Enter the minimum length of the password.  Valid entries are 0 - 999.  A minimum of eight (8) characters is recommended.   If set to 0 the minimum length required will default to 1 since the password is a required field.

• Maximum length of the password is: Enter the maximum length of the password.  Valid entries are 0 - 999.  If set to 0 there is no maximum length required.

• Must contain one upper case letter (A-Z): Select this check box if you want the ePMX system to force the entry of one upper case letter in the Password.  

• Must contain one lower case letter (a-z): Select this check box if you want the ePMX system to force the entry of one lower case letter in the Password. 

• Must contain one number (0-9): Select this check box if you want the ePMX system to force the entry of one number in the Password. 

• Must contain one special character: Select this check box if you want the ePMX system to force the entry of one special character in the Password.  The allowed special characters are ~, !, @, #, $, %, ^, &, *, (, ), _, +, =, {, }, [, ] or |.

• Number of failed login attempts before lock out: Enter the number of failed login attempts before the user is locked out of the ePMX system.  Valid entries are 0 - 999.  A minimum of three (3) login attempts is recommended.  If set to 0 the user will not be locked out of the ePMX system on a failed login attempt. 

• Notify users when account is locked out: Select this check box if you want the ePMX system to notify the user when his account has been locked out due to a failed login attempt.  When a failed login attempt causes the user to be locked out of the ePMX system an email will be sent to the address entered in the field labeled 'Email 1' on the user's employee record.  The email will contain the message ' Your ePMX account has been locked. Click the link below to reset you ePMX password and unlock the account.' 

• Force password reset after: The value entered in this field is expressed as number of days.  Enter the number of days after which the user must reset his password.  Valid entries are 0 - 999.  If set to 0 the user will not be forced to reset his password.  If his password has expired, the next time the user tries to login into the ePMX system, he will get the message 'Password has expired!  Press OK to change your password or Cancel to exit.' 
   
• Notify the user in advance of password expiry: The value entered in this field is expressed as number of days.  Enter the number of days in advance of his password expiring that you want to notify the user.  Valid entries are 0 - 999.  If set to 0 the user will not be notified before his password expires.  If a value greater than 0 is entered and it is time to notify the user, the next time the user tries to login into the ePMX system, he will get the message 'The password will expire in X days.  Press OK to change your password or Cancel to continue.' 
   

Multi-Factor Authentication

Note: The Multi-Factor Authentication functionality only affects user logins performed at the login page, using a username and password combination.  If the user clicks on a link from their email to approve a requisition, for example, they will not need to enter a MFA code.

• MFA setting: Choose one of the following options from the list box to define how you want Multi-Factor Authentication to work.
  
  Do not require a verification at login: When this option is selected a verification code is not required at user login.
  
  Trust access from the same IP for 30 days: When this option is selected, and the user is logging into the ePMX system from the same IP address as used in previous logins, the user will only be asked for a verification code every 30 days. 
  
  Always require a verification code at login:  When this option is selected the user will be asked for a verification code each time he logs into the ePMX system.   

• Allow e-mailed verification codes: Select this check box if you want the ePMX system to email the verification code to the user.   The email will be sent to the address entered in the field labeled 'Email 1' on the user's employee record. 
  Note: This box must be checked for the Multi-Factor Authentication functionality to work.  If it is not checked a verification code will not be required at user login.

When the user types in their username and password, before logging them in, the ePMX system will check to see if they need to re-authenticate.  If they need to perform authentication the following screen will be displayed:

The user will click on the Send Code button, the email containing their one-time authentication code will be sent, and the following screen will be displayed:

The user will copy/paste or type the code into the box and click on the Verify Code button.  They will then be logged into the ePMX system.
 

Firewall - Whitelisted IPs

Note: This section will only be displayed if the box labeled  Enable IP Whitelist Firewall found on the System Information tab is checked.

You can use this section to limit what computers access your ePMX application.  You will need to enter their specific IP addresses. If no IP addresses are listed your ePMX application can be accessed by any computer as long as the person logging in enters a valid ePMX Login ID and Password.
 

• Enter IP: Enter the IP address of a computer you want to allow access to your ePMX application.
   
• Enter IP Label (17 characters): Enter a Label for the IP address to help identify it: example; location or person's name.
   
• Click on the Add button: After you click on the Add button the IP address and Label will be added to the Whitelist on the right.

Repeat the above three steps to add additional IP addresses to the Whitelist.  To delete an IP address from the Whitelist click on the IP address to highlight it and then click on the Remove button.