Configure security settings
Note
XTM is a secure environment. XTM Cloud uses an SSL certificate to ensure secure communication via HTTPS, and we recommend the same for all XTM Suite installations: this not only improves security but also ensures compatibility when connecting different instances of XTM for subcontracting.
From the topmost menu in XTM Cloud click on Configuration.
Just below and to the left click on Settings.
From the menu that appears on the left-hand side, click on Security.
From the remaining options, implement your company's security policy. Consult the guide for each section indicated below:
Click on the Save button when done.
Authentication settings
The function is enabled by default. If this function is switched on, the Administrator can decide how users can log in to XTM: via User Interface and API, via UI only, or via API only.
Go to Configuration > Settings > Security.
Select the Allow API authentication for new users checkbox.
Select Save.
The Authentication section in Edit user > Access rights will be displayed only for users with PM roles.
Go to Configuration > Settings > Security.
Select the Use 2-step verification checkbox.
Select Save.
Log out from XTM.
All users are required to go through the 2-step verification process to log in to XTM.
If the user makes the number of invalid login attempts specified, then their account will be blocked, and they will not be able to access the system.
To unblock the account, the Administrator needs to go to the Users tab and select Unblock account from the menu icon in the left-hand column of the users listing.
Go to Configuration > Settings > Security.
In Allowed log on attempts, enter the number of times the user can try to log in.
Select Save.
If the user makes the number of invalid login attempts specified, then their account will be blocked, and they will not be able to access the system. The account will then need to be unblocked by the Administrator.
If the user does not log into their account during the period of days specified, then the account will be blocked. The account will then need to be unblocked by the Administrator as described above.
Go to Configuration > Settings > Security.
In Disable account after non-use (days), enter the number of days after which the user cannot access the system.
Select Save.
If the user does not log into their account during the period of days specified, then the account will be blocked. The account will then need to be unblocked by the Administrator.
Computer activation level
This setting specifies who will need to go through the PC activation process on the first login. The process involves generating an automatic email.
Go to Configuration > Settings > Security.
In Computer activation level, select who needs to go through the activation process on the first login:
All users
All users except customer Project Managers
Only Project Managers
None
Select Save.
Passwords settings
Feature | Description |
---|---|
Allow users to change their password | Allows users to change the password which the Administrator or PM assigned to them when creating user accounts. |
Password duration (days) | Specifies the number of days that user passwords will be valid. After this period the user will have to change their password. |
Check against previous passwords | Specifies the number of previous passwords that cannot be used as the current password. |
Minimum password length (characters) | Specifies the number of characters required in the password. |
Use brute force dictionary | Defines the words that cannot be used as or in a password. By default, the following words and components are excluded: |
Force password change on the first login | Check to enforce this measure. |
Password strength | Password characters are split into 4 groups: There are 3 levels of password strength |
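How the length, dictionary, history and duration settings in the table combine when a new password is evaluated, as an added Python example. It is not XTM code: the class, function names, word list and numeric values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class PasswordPolicy:
    # Fields mirror settings from the table; all values are constructed samples.
    min_length: int = 12          # "Minimum password length (characters)"
    history_depth: int = 3        # "Check against previous passwords"
    duration_days: int = 90       # "Password duration (days)"
    dictionary: tuple = ("password", "qwerty", "xtm")  # constructed word list


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the history store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str) -> tuple:
    """Return a (salt, digest) history entry for a password."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def violations(policy: PasswordPolicy, candidate: str, history: list) -> list:
    """Return the policy rules a candidate password breaks (history is oldest first)."""
    found = []
    if len(candidate) < policy.min_length:
        found.append("too_short")
    lowered = candidate.lower()
    # Dictionary words are banned "as or in" a password: case-insensitive substring.
    if any(word in lowered for word in policy.dictionary):
        found.append("dictionary_word")
    # Only the most recent N stored passwords are compared.
    recent = history[-policy.history_depth:] if policy.history_depth else []
    if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in recent):
        found.append("reused")
    return found


def is_expired(policy: PasswordPolicy, last_changed: date, today: date) -> bool:
    """Assumes a password expires once more than duration_days have passed."""
    return today - last_changed > timedelta(days=policy.duration_days)
```
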
Privacy settings
Use this section to define who can update segment comments and hide the names or details of other users of the system.
The list describes the places where user information is displayed in XTM Workbench. These are:
Segment comments
Additional information about the TM match
Additional information about terms
Who is locking a segment
Segment filters
For each area there are three options:
Everyone can see the user information
Only Project Managers can see the information
No one can see the information.
Go to Configuration > Settings > Security > Privacy.
In Allow segment comments to be updated by, select one of the following:
All users
Creator only
Only in current step
Select Save.
Go to Configuration > Settings > Security > Privacy.
In Display user details in comments for, select who can see the user information:
All users
PMs only
No one
Select Save.
Go to Configuration > Settings > Security > Privacy.
In Display user details in segment filters for, select who can see the user information:
All users
PMs only
No one
Select Save.
Go to Configuration > Settings > Security > Privacy.
In Display user details in terms for, select who can see the user information:
All users
PMs only
No one
Select Save.
Go to Configuration > Settings > Security > Privacy.
In Display user details in TM matches for, select who can see the user information:
All users
PMs only
No one
Select Save.
This option allows Administrators to decide what information should be visible to other users.
Go to Configuration > Settings > Security > Privacy.
In Information to display about users, select the user information to display:
Username
User ID
First and last name
Initials
Select Save.