Security Settings in Oomnitza

Oomnitza offers an array of configurable security features to allow organizations to keep their data secured. While these settings are documented below, many of these features utilize Oomnitza's Global Settings Table. Which allows for the configuration of certain system wide settings and allows for universal variable storage.

Password enforcement Global Settings

The password security settings allow you to define passwords requirements for users that authenticate directly at the Oomnitza Login page with a username and password.

Key

Description

password.min_length

Minimum password length

  • Default value: 8

  • Min length: 8

  • Max length: 256

If the parameter is not set or does not match the length requirements, the default value will be set.

password.require_lower_case

Defines whether at least one lower case letter is required within the password. 

  • Default value: Yes

  • Possible values: 1/0, true/false, True/False, TRUE/FALSE, Yes/No, yes/no, y/n, Y/N, YES/NO
password.require_upper_case

Defines whether at least one upper case letter is required within the password

  • Default value: No

  • Possible values: 1/0, true/false, True/False, TRUE/FALSE, Yes/No, yes/no, y/n, Y/N, YES/NO
password.require_digit

Defines whether at least one digit is required within the password

  • Default value: Yes

  • Possible values: 1/0, true/false, True/False, TRUE/FALSE, Yes/No, yes/no, y/n, Y/N, YES/NO
password.require_special_char

Defines whether at least one special character is required within the password.

  • Default value: Yes

  • Possible values: 1/0, true/false, True/False, TRUE/FALSE, Yes/No, yes/no, y/n, Y/N, YES/NO

Within Oomnitza System, we allow following characters as special characters:
\|!@#$%^&*()_+-={}"'`~/?.>,<[]]+

CORS Global Settings

Key

Description

security.allowed_cors_domains

Specifies domains allowed for CORS. When the global is not set and the request from the other domain has come, the system should NOT do anything. BUT if it is set, the system should check the domain match and accept or reject it.

The user should enter a comma-delimited list with no spaces.

  • i.e. zendesk.attacker.site,mail.google.com

If the provided value is invalid (contains special characters), the system should filter it out.

Change of Username, Email, and Password notifications

Whenever a user has their username, email, or password changed, they will receive a notification of that change. These notifications can only be prevented when the "Restrict Access" button is selected for that user.

Custom SMTP Settings

Oomnitza also allows for customized SMTP settings. For help setting this up, please contact support@oomnitza.com

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk