Account Security Options
Account owners can optionally enable several additional security features. If enabled, these features will affect all users in the account. Enabling all security settings allows the user to additionally enable PCI compliance for creating PCI compliant clusters (see here for details on creating a PCI compliant cluster).
Table of Contents
Revoke access to account for inactive users after 90 days of inactivity.
As a pre-requisite, the account must have at least two owner status users to enable these settings.
If this option is enabled, any user who has not logged on within 90 days will have access revoked for the accounts with this setting enabled. Users are notified through email 10 days and 1 day prior to account access revocation. Upon revoking a user’s account access, an account owner can re-invite the user back into the account through the console.
IMPORTANT: Owners can also have access for the account revoked if they do not log in. An account can end up with no owners this way. If this occurs, please contact us at email@example.com for assistance.
Console Session Settings
Console sessions will time out after 15 minutes of inactivity
To ensure security around unchecked console sessions, exposing provisioned clusters and sensitive information, users will be timed out after 15 minutes and required to log in and re-authenticate.
Multi-factor authentication will be enforced for all users
Multi-factor authentication (MFA) will be enforced on all users in an account,. Users who do not already have MFA enabled will be forced to set up the MFA requirements to access the account when they next log in.
Users will be asked to change their password every 90 days
Passwords expire after 90 days, a user with an expired password will then be required to change their password before logging in.
5 consecutive unsuccessful login attempts will result in a 30 minute lock-out
Five consecutive failed login attempts will result in a lockout for 30 minutes counting from the last failed login attempt. A user who is locked out this way will be prevented from logging in during this time.
The lockout period ends if:
- 30 minutes passes, or
- The account owner unlocks the user through a button on the console, or
- The user resets their own password through existing mechanisms (clicking a reset password link at the login form page or receiving a password reset email with a token).
PCI Compliant Security Settings
Instaclustr provides PCI compliant services and as such has requirements to be fulfilled in order to access/utilise our services with PCI compliance enabled. In order to learn more about PCI and the specific requirements, head over to this page.
In order for an account to be compliant to the PCI standards, it must satisfy all of the security options within the security tab. Once all of the settings are enabled, the user can then enable PCI Compliant with the slider button at the top of the security page.