Configuring a Global Authentication Policy
To configure global authentication
policies, follow these steps:
- From the JUNOScope main window, click Settings > Users
> Authentication Policy > Global Authentication Policy. The Global Authentication
Policy dialog box appears.
The Global Authentication Policy dialog box displays
the Maximum Login Attempts and the Access Window fields with zero
as the default value, and the Access Control List Add button.
- Enter the following information in the Global Authentication
Policy dialog box:
- Maximum Login Attempts—The maximum number of consecutive
failed login attempts allowed within the access window for a user.
If a user reaches the maximum number of login attempts, the user status
automatically becomes locked. This field can have a value from 0 to 100. If the Maximum Login Attempts value is 0, the authentication policy for the user will not be active, the
user account will be assumed to be unlocked, and the normal login
mechanism will be applied. If a user account status is unlocked, the user can successfully log in to the JUNOScope software by providing
a valid username and password. If the account status is locked, the
user is denied access to the JUNOScope software, even if the user
provides a valid username and password, and is shown the message “The user account is currently locked. Please contact the system administrator.”
For the JUNOScope administrator (the initially configured user),
the user account is always unlocked.
- Access Window—The access window for a user account
starts when the first login failure occurs for the user account and
runs until one of the following
- A user successfully logs in. The access window is then
- A user tries unsuccessfully to log in for the maximum
login attempts. The user account is then locked and the access window
timer is reset.
The Access Window field can
have a minimum value of 0 (for example, the hour(s), minute(s), and
second(s) fields all having a value of 0) and a maximum value of 24 hours (for
example, the hour(s) field can have a maximum value of 24, while the
minute(s) and second(s) fields have a value of 0). The default value
is 0. Individually, the hour(s) field can have a value from
0 to 24, the minute(s) field can have a value from 0 to 59, and
the second(s) field can have a value from 0 to 59. If the Access Window
field is 0, the authentication policy for the user account will not
be active, and the normal login mechanism will always be applied.
The timer for the access window starts when an
invalid login attempt is made on a user account. If a user account
is not locked and no further invalid login attempt is tried for that
account, the timer for the access window is automatically reset either
after a time period equal to the access window or if the user successfully
logs in to JUNOScope within the access window period.
If the authentication policy for a user account
is set up with 3 maximum login attempts and a 1-hour
access window, the clock for the access window starts at the first
unsuccessful attempt, when the user types an invalid password to log in.
If the user makes three unsuccessful attempts within 1 hour,
the user account will be LOCKED at the third unsuccessful
attempt and the user will be redirected to the “The user account
is currently locked. Please see the system administrator.” message. Any further attempts by the user to log in using the
username, even with a valid password, will be denied.
- Click Add. A row with empty fields will be added to the
access control list table.
- Enter the following information in the access control
list table row:
- Network—The IP address of the client machines that
should be allowed or denied access to the JUNOScope software. In the
Network field you can specify a specific client address, in which
case the user has to use the wild card as 32 (128 for IPv6), or the
specific first valid client address, in which case you have to use
the mask as the number of bits that should exactly match the given
- Mask—The network mask of the client machines that
should be allowed or denied access to the JUNOScope software.
Specifies the number of bits of the client IP that should match with
the given IP address.
- Allow—The authentication action to be performed,
whether to deny or allow access to the client machine if the IP address
- Comment—The comment to identify access control list
entry. You can provide a comment to identify each access control list
entry or to provide a reason for allowing or denying access.
- Actions—The Move Up and Move Down options used for
ordering access control list entries. When a user logs in, the IP
address of the machine from which the user has logged in is compared with
the access list in sequence until a match is found. If a match is
found, the action specified (allow/deny) is performed, and the process
does not continue further. However, if no match is found, the client
is allowed access by default. Since order plays an important role
in the access list, Move Up and Move Down options are provided to
change the order of access control list entries. The Delete option
is provided to delete an access control list entry.
Repeat Steps 3 and 4 to add more access control
list entries to the access control list table.
- Click Save to commit the changes to the database.
Click Reset to clear all the values you have entered and restore
the last saved values.
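The lockout behavior described under Maximum Login Attempts and Access Window can be checked against a small model. This is an added example, not JUNOScope code; the `Account` class, `attempt_login`, `replay`, the outcome strings, and the choice to treat the window as lapsed at exactly `window_s` seconds are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    failures: int = 0                      # consecutive failures in the open window
    window_start: Optional[float] = None   # time of first failure, None if no window
    locked: bool = False
    is_admin: bool = False                 # initially configured user: always unlocked


def attempt_login(acct, password_ok, now, max_attempts, window_s):
    """Return 'ok', 'denied' or 'locked' for one attempt at time `now` (seconds)."""
    policy_active = max_attempts > 0 and window_s > 0 and not acct.is_admin
    if not policy_active:                  # 0 in either field: normal login mechanism
        return "ok" if password_ok else "denied"
    if acct.locked:                        # a valid password does not help once locked
        return "locked"
    # The window resets by itself once window_s has passed since the first failure
    # (assumption: inclusive boundary).
    if acct.window_start is not None and now - acct.window_start >= window_s:
        acct.failures, acct.window_start = 0, None
    if password_ok:                        # a successful login resets the window
        acct.failures, acct.window_start = 0, None
        return "ok"
    if acct.window_start is None:          # the first failure starts the timer
        acct.window_start = now
    acct.failures += 1
    if acct.failures >= max_attempts:      # lock on the Nth failure, reset the timer
        acct.locked, acct.failures, acct.window_start = True, 0, None
        return "locked"
    return "denied"


def replay(events, max_attempts=3, window_s=3600, is_admin=False):
    """Run constructed (time_s, password_ok) events against a fresh account."""
    acct = Account(is_admin=is_admin)
    return [attempt_login(acct, ok, t, max_attempts, window_s) for t, ok in events]


if __name__ == "__main__":
    # Constructed sequence: three failures inside one hour, then a valid password.
    print(replay([(0, False), (600, False), (1200, False), (1300, True)]))
```

Replaying failures spaced more than one access window apart shows the account never locking, which is the case to keep in mind when choosing a short window.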
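The access control list is evaluated first-match with a default of allow, so a list that contains only allow entries admits every unmatched client as well. The sketch below is an added example, not JUNOScope code: the entries use constructed documentation-range addresses, the names `ACL`, `DENY_REST`, `evaluate` and `unmatched_allowed` are hypothetical, and whether the product accepts a mask of 0 for a catch-all deny entry is an assumption.

```python
import ipaddress

# Constructed sample list in evaluation order: (network, mask bits, action, comment).
ACL = [
    ("192.0.2.10", 32, "deny", "single decommissioned host"),
    ("192.0.2.0", 24, "allow", "NOC subnet"),
    ("2001:db8::", 32, "allow", "IPv6 management range"),
]
# Catch-all entries placed last (assumes a mask of 0 is accepted).
DENY_REST = [
    ("0.0.0.0", 0, "deny", "everything else, IPv4"),
    ("::", 0, "deny", "everything else, IPv6"),
]
DEFAULT = "no entry matched (default)"


def evaluate(acl, client_ip):
    """Return (action, comment) for client_ip: first match wins, default allow."""
    client = ipaddress.ip_address(client_ip)
    for network, mask, action, comment in acl:
        # strict=False: only the first `mask` bits of the entry are compared
        net = ipaddress.ip_network(f"{network}/{mask}", strict=False)
        if client.version == net.version and client in net:
            return action, comment          # later rows are never consulted
    return "allow", DEFAULT


def unmatched_allowed(acl, probes):
    """List probe addresses that are admitted only because no entry matched."""
    return [ip for ip in probes if evaluate(acl, ip)[1] == DEFAULT]


if __name__ == "__main__":
    probes = ["203.0.113.5", "198.51.100.1", "192.0.2.77"]  # constructed
    print(unmatched_allowed(ACL, probes))              # admitted by default
    print(unmatched_allowed(ACL + DENY_REST, probes))  # nothing falls through
    print(evaluate(list(reversed(ACL)), "192.0.2.10")) # reordering changes the result
```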