FORMS Authentication
FORMS Authentication

Keep me logged in

1. Keep me logged in
If selected, users will be allowed to select this option from the login page. Selecting keep me logged in will override the standard 20 minute timeout for inactive sessions and keep the user logged in.
  • For users with Named user licenses (i.e. dedicated to the user), this option is effectively the same as using ‘remember me’ on many web sites – their sessions will not timeout  and when they access the application they will by-pass the login page.
  • For users with Floating user licenses (i.e. shared licenses), this option will attempt to keep the user logged in. However, a user may lose their license spot if another floating license user tries to logon and the ‘keep me logged in’ user has been idle for longer than the session time out parameter.
WARNING: Allowing ‘Keep me logged in’ can weaken the security of the application as work stations left logged in and unattended could be used by unauthorized people to access the application.
NOTE: The default session time out for RMTrack is 20 minutes. This period can be adjusted if desired. For more information please see RMTrack knowledgebase article HOW TO: Change the Session Time-Out parameter or contact support@rmtrack.com.

Password Recovery

2. Password Recovery
If Allow ‘Forgot password’ is selected users will see an option on the login page for: Trouble logging on? Forgot your password? Clicking on the link provided will initiate the password recovery option you have slected:
  • Secret question and answer

    – users will be prompted for their user ID. If a valid user ID is entered the user will then be prompted with a secret question and allowed to enter an answer. If correctly answered, the user will be taken to the password reset page. The secret questions and answers are set by the user from the User Profile page (click on user ID at the far left of the main menu bar) and can also be set by an Administrator from the User Details page. You can choose to allow the user to create their own secret question or force them to pick from a set of predefined questions.
  • Send a password reset e-mail

    – users will be prompted for their e-mail address and if RMTrack finds a user account with a matching e-mail address, an e-mail will be sent to that address. The e-mail sent will use the e-mail template selected here. The e-mail template must contain the macro [PasswordResetUrl] which will allow RMTrack to send a link to the user that will take them to the password rest page.
NOTE: The e-mail address entered must match one, and only one, user account for the password reset e-mail to be sent. This process will not work if multiple user IDs have the same e-mail address.

Password Strength

3. Password Strength
RMTrack can enforce certain password strength criteria by forcing users to set passwords that meet the rules selected.
where is this