Account Security Options

Account owners can optionally enable several additional security features. If enabled, these features will affect all users in the account. Enabling all security settings allows the user to additionally enable PCI compliance for creating PCI compliant clusters (see here for details on creating a PCI compliant cluster).

Table of Contents

Inactivity Settings

Revoke access to account for inactive users after 90 days of inactivity.

As a pre-requisite, the account must have at least two owner status users to enable these settings.

If this option is enabled, any user who has not logged on within 90 days will have access revoked for the accounts with this setting enabled. Users are notified through email 10 days and 1 day prior to account access revocation. Upon revoking a user’s account access, an account owner can re-invite the user back into the account through the console.

IMPORTANT: Owners can also have access for the account revoked if they do not log in. An account can end up with no owners this way. If this occurs, please contact us at for assistance.

Console Session Settings

Console sessions will time out after 15 minutes of inactivity

To ensure security around unchecked console sessions, exposing provisioned clusters and sensitive information, users will be timed out after 15 minutes and required to log in and re-authenticate.

Password Settings

Multi-factor authentication will be enforced for all users

Multi-factor authentication (MFA) will be enforced on all users in an account,. Users who do not already have MFA enabled will be forced to set up the MFA requirements to access the account when they next log in.

Users will be asked to change their password every 90 days

Passwords expire after 90 days, a user with an expired password will then be required to change their password before logging in.

5 consecutive unsuccessful login attempts will result in a 30 minute lock-out

Five consecutive failed login attempts will result in a lockout for 30 minutes counting from the last failed login attempt. A user who is locked out this way will be prevented from logging in during this time.

The lockout period ends if:

  1. 30 minutes passes, or
  2. The account owner unlocks the user through a button on the console, or
  3. The user resets their own password through existing mechanisms (clicking a reset password link at the login form page or receiving a password reset email with a token).

PCI Compliant Security Settings

Instaclustr provides PCI compliant services and as such has requirements to be fulfilled in order to access/utilise our services with PCI compliance enabled. In order to learn more about PCI and the specific requirements, head over to this page.

In order for an account to be compliant to the PCI standards, it must satisfy all of the security options within the security tab. Once all of the settings are enabled, the user can then enable PCI Compliant with the slider button at the top of the security page.

Need Support
Learn More

Already have an account?
Login to the Console

Experiencing difficulties on the website or console?
Status page for known incidents

Don’t have an account yet?
Sign up for a free trial

Why sign up?
To experience the ease of creating and managing clusters via the Instaclustr Console.