Empower Tip: System Policies

In this tip, we will discuss System Policies. System Policies control the behavior of Empower when users interact with the software. Typically, System Policies are set after Empower has been installed and are only modified in rare circumstances. You need the Alter System Policies privilege to be able to view and/or modify any of the System Policies. If any System Policies are modified, all Users need to log out of Empower and log back in for the change to take place. NOTE: All screen captures in this tip are based on Empower 3.8.0.

We will begin with a review of User Account System Policies.

Let’s see how it’s done!

In the Configuration Manager window, select View, System Policies.

The User Account tab is visible. For this example, we will concentrate on System Policies related to Accounts and Passwords.

Authentication is set to Local Authentication by default. It can be changed to LDAP Authentication from the Authentication drop down list.

What is the difference between these choices?

When set to Local Authentication, users log on to Empower using their Empower username and password.

When set to LDAP Authentication, users log on to Empower using their username and LDAP password. One of the advantages of using LDAP Authentication is that the same password that the user has for all other applications is used to log into Empower. Some call this Single Sign-On.

What do the other System Policies in the highlighted area do if enabled?

Enforce Unique User Account Names – every user logging into the same database must have a unique Username. Additionally, you cannot reuse an old username from a removed account.

Enforce Unique User Passwords – when a User’s password expires, they cannot reuse an old password. The exception is if using LDAP Authentication.

Password Expires every ### days – sets how often Users will have to create a new password. The exception is if using LDAP Authentication.

Limit # of Entry Attempts ### times – sets the number of times a User can attempt to log in to Empower. If they exceed that number (for example, by repeatedly entering an incorrect password) their User account is disabled. The exception is if using LDAP Authentication.

Enforce Minimum Password Length of # characters – sets the minimum number of characters for a password. The exception is if using LDAP Authentication.

It’s that easy!