HELP CENTER

senhasegura official documentation

Table of Contents

Administration
Security settings 3
User accounts maintenance 3
Multi-Factor Authentication (MFA) 4
Password security level 4
Access control by IP 5
Creating Allowlist rules 5
Creating Denylist rules 5
Adaptive MFA by location 5

Copyright 2022 senhasegura | All Rights Reserved | Powered by MT4 Group | Public information

2
Security settings
To change the security settings for all users across the platform, go to Settings ➔ System parameters
➔ Security .

User accounts maintenance

M i nutes to expi re sessi on: Session inactivity timeout. Inactive web sessions automatically expire
after a certain time. The default timeout is 30 minutes.

Lock di sabl ed account: Check this box if you want to remove accounts that have remained
inactive for a certain number of days. Unchecked by default.

Days unti l l ock: Days required for an account to be considered inactive and eligible to be
removed.

Force password change on fi rst access: Check this box if you want to force users to create a
unique password when they log in for the first time. Checked by default.

Expi re password: Passwords automatically expire after a certain number of days. Unchecked by
default.

Days unti l password expi res: Days required for a password to automatically expire

Copyright 2022 senhasegura | All Rights Reserved | Powered by MT4 Group | Public information

3
 Important
The options to Lock di sabl ed account , Force password change on fi rst access , and Expi re
password are only available for customers using senhasegura's standard authentication provider.

Users who employ third-party authentication providers need to set these options on their separate
provider.

Multi-Factor Authentication (MFA)

Force M ul ti -Factor authenti cati on to al l users: Check this box to force all users, including the
admin, to set up a second authentication factor for senhasegura. Consider the impact on your
users' work routine before turning this feature on.

Warning
When enabling Force Multi-Factor Authentication, it is important to take precautions to avoid
locking users out of the application. Administrators should be mindful of the server time and
ensure proper configuration using external MFA tools to prevent login issues.

Force di gi tal certi fi cate authenti cati on to al l users: After the first login, MFA will not be
required for additional login attempts for a few hours. This is a useful option when using tools that
log into several SSH terminals simultaneously.
Al l ow "Trust thi s computer" up to a maxi mum X hours: Some devices do not work with an
NTP server, creating short delays of a few seconds that impact TOPT authentications. By checking
this box, you can set up a longer timeout limit for tokens.
Accept wi th tokens generated unti l X second change: Some devices are not configured on
NTP servers, generating an interval of seconds that can affect authentication using TOTP. In these
cases, set the accepted interval in this property
Enabl e use of an external mul ti factor authenti cati on sol uti on: Allows customers to choose a
third-party (cloud or on-premises) SSO provider as an authentication tool, as long as it uses one of
the protocols supported by senhasegura.

Password security level

M i ni mum characters for password: Minimum length of a password.

M i ni mum numbers for password: Minimum number of numeric characters in the password.

Restri ct password reuse: New passwords must be different from previous passwords.

N l ast passwords that cannot be used: Number of previous passwords that senhasegura will
use as a reference to prevent password reuse.

Requi re symbol s i n the password: Check this box if passwords must contain symbols.

Important
These options are only available for customers using senhasegura's standard authentication provider.

Users who employ third-party authentication providers need to set these options on their separate
provider.

Copyright 2022 senhasegura | All Rights Reserved | Powered by MT4 Group | Public information

4
 Access control by IP
You can choose to grant or deny access for certain IP addresses and network segments.

Important

Access control acts as an Allowlist or Denylist . Be very careful not to accidentally restrict the access of
the admin user that manages the settings.

Creating Allowlist rules

If you toggle the option Deny All , you can deny all access requests to your platform except those from IP
addresses in your Allowlist.

1. Choose the option Deny al l .

2. Add the range of IP addresses that you want to have access to senhasegura and choose the Al l ow al l
option in the drop-down list on the right.

Now, only connections from these IP addresses will be able to perform authentications on senhasegura.

Creating Denylist rules

Even if you toggle the option Allow All, you can still protect your platform from unwanted access by creating
a list of IP addresses whose login attempts should be permanently blocked.

1. Choose the option Al l ow al l .

2. Add the range of IP addresses that you want to block access to and choose to the Deny al l option
in the drop-down list on the right.

Creating Allowlist rules

Adaptive MFA by location

Copyright 2022 senhasegura | All Rights Reserved | Powered by MT4 Group | Public information

5
 This section allows you to set different MFA requirements for different IP ranges. You can make MFA
mandatory for some users, but not for others, based on their IP address. This rule will be enforced when
users try to:

Log in

Start a Session

View Passwords

Important
If there are overlays between different IP ranges, a user will be subject to the first range they appear
on.

Important
This configuration overrides Force multifactor authentication for all users . In case a user's IP
address is listed in one of the ranges in this field, they will be subject to the rule established in
Adaptive MFA by location instead.

Powered by Document360

Copyright 2022 senhasegura | All Rights Reserved | Powered by MT4 Group | Public information