Configuring Organization Security Policies

📘

Organization Security Policies are part of our Enterprise plans. Please contact us if you are interested in this feature.

A number of configurable security policies are available that apply to all members of your organization.

To access policies, go to Org Settings and click the Security Policies tab. Admins will see a new Policies section that contains all new organizational security policy settings. Only admins can manage these policies.

Expire Passwords

This policy ensures that team member passwords get reset frequently.

This policy is configured as the number of days between password reset.

2492

Instructions

  1. Toggle on the switch to the right of ‘Expire Passwords’ in the Policies section
  2. You will see a field appear called ‘Expiration Time in Days’
  3. Set this field to the desired number of days, such as 90
  4. Click Update Policies at the bottom of the page to Save

Lockout Team Members After Failed Login Attempts

This policy will lock out a team member if they fail too many times to login, as a prevention against hackers or brute force attacks.

This policy requires 3 values: the number of failed attempts that are allowed (X), the amount of time allotted to successfully login in minutes (Y), and the amount of time that the team member will be locked out of their account if they fail to login in minutes (Z).

2492

Instructions

  1. Toggle on the switch to the right of ‘Lockout Team Members After Failed Login Attempts’ in the Policies section
  2. You will see 3 fields appear
  3. Fill out values for X Failed Attempts, Y Minutes, and Z Minutes Locked Out. Sample values would be 6, 10, and 3. (6 Failed Attempts in 10 Minutes Results in 3 Minute Account Lockout)
    Click Update Policies at the bottom of the page to Save

Disable Inactive Team Members

This policy ensures that team members are logging into the Nami Control Center regularly, and that inactive team member accounts aren’t vulnerable.

This policy is configured in days.

2492

Instructions

  1. Toggle on the switch to the right of ‘Disable Inactive Team Members’ in the Policies section
  2. You will see a new field appear called ‘Inactivity Time Period in Days’
  3. Enter a value for the Inactivity Time Period, such as 90 days
  4. Click Update Policies at the bottom of the page to Save

Control Center Sessions

There are 2 values governing how long team Nami Control Center member sessions are. Inactive Session Length refers to how long a team member can be inactive on their device before the system logs them out. Max Session Length refers to the total session length a team member can have, regardless of activity.

Both values are configured in minutes. Nami sets defaults for these session values, but you can configure them to be shorter.

For an example: the Inactive Session Length is 10 minutes and the Max Session Length is 20 minutes. A team member logs in on their browser and then checks email for 10 minutes, leaving the Nami Control Center open but inactive in another tab. When they return to the Nami Control Center, they will have been logged out. However another team member logs in on their browser and works in the Nami Control Center for 20 minutes straight. After 20 minutes, the Control Center logs them out and requires them to log in again, even though they have been active.

2492

Instructions

  1. Navigate to the bottom of the Policies section
  2. Inactive Session Length is set by default to 14 days, or 20160 minutes. To change this policy, set this value to a lower number such as 30 minutes.
  3. Max Session Length is set by default to 14 days, or 20160 minutes. To change this policy, set this value to a lower number such as 90 minutes.
  4. Click Update Policies at the bottom of the page to Save

📘

Max Session Length must be greater than or equal to Inactive Session Length