Understanding security options in ClearPoint
For administrators who want to add an extra layer of security for their users, the Organization and Security menu has some great options.
In This Article
To access your security options, open the System Settings menu in the control panel and click Admin Options.
Click on Organization and Security.
On the Organization Details tab, you can change organization name and contacts. Under Organization Name, type in the name you would like to be displayed in the upper left hand corner of ClearPoint. Under Primary Mailing Address, you can input the best mailing address to receive special ClearPoint packages!
Under Points of Contact, you can fill out contact information for Account Administrators, Billing Contacts, Decisionmakers, and Technical Admins. You can add ClearPoint users as points of contact or others in your organization by inserting their email and first and last name.
On the Options tab, you can select a few account-wide settings.
Use the Default Currency dropdown menu to select a currency for your account.
Check the box next to Prevent Users From Changing Home Page if you don’t want users to be able to change their home page.
Check the box next to Lock Account if you don’t want anyone logging into ClearPoint at this point in time. You can adjust the Locked Account Message to better communicate the reason why they cannot log in.
Inserting a Custom Logout URL will automatically send users to the destination of the URL when they log out of ClearPoint. This is a great option for any organizations who uses SSO as you can redirect users to your application dashboard page, rather than our login page. You could also choose to send users to a specific page, like maybe a blog about how wonderful ClearPoint is!
On the Security tab, you can configure password and content security options.
Password Validation Regular Expression controls the characters required for passwords to ClearPoint. We advise against changing this, however if you are interested in this Google password validation regular expression to learn how it is done. Password Validation Message is how you can communicate the password requirements to your users. This will appear on the login screen when they are creating a new password.
Clicking on the check box next to Require Two-Factor Authentication will require that all of your users go through Two-Factor Authentication upon logging in. To learn how this works, check out this page. Checking the box next to Prevent Multiple Logins is useful if you do not want multiple people using the same login credentials. Users will be kicked out of ClearPoint if someone attempts to log in with the same credentials.
Checking the box next to Expire Passwords Every 90 Days will force your users to reset their password upon logging in every 90 days. It is smart to have users reset their passwords regularly. Checking the box next to Reset All Passwords will require that every user in your system resets their password the next time they log in.
Under Context Security, you can select an option from the Invalid Content Policy dropdown menu. The default option in this menu is Warn and Auto-Clean Invalid Content, however there are other options in this menu. It is possible that while you are navigating around ClearPoint, you come across a red message that states: “Warning: Invalid or potentially dangerous content was filtered out of this field. Please contact [email protected] for more information.” This message indicates that the field’s HTML has potential for cross-site scripting, a security vulnerability allowing a user to alter the code that an application delivers to a user which is executed in the user’s web browser. We implemented a tool that searches for this vulnerable HTML and auto cleans it. The Invalid Content Policy dropdown menu controls the options on this tool. For more information about this, feel free to read this article that explains how we approached preventing cross-site scripting.