Security settings

For more information about setting up for security generally, including passwords and user permissions, see Security.

This page summarises Case Manager's global security settings. You can customise these settings to suit your business processes and policies.

Global security settings

To access the settings select Tools > Options from the main menu and click the Security tab.

After making changes click Save & Close to save them and close the window. Alternatively select Save to just save and apply them.

A - Authentication settings

The first section covers the settings required to set up for Microsoft, MFA and Case Manager.

B - Password settings

All the password specifications and requirements are defined in the top part of the screen.

See Password settings for information about these, including best practice for maximising the risk of unauthorised logins.

C - Enable Forgot Password feature

Click this option to switch on the User forgets Password feature.

This feature enables users to reset their password without logging on to Case Manager.

The password reset can be initiated from both the web and Windows version of Case Manager, however the reset procedure must actually be done at the web version in order to adhere to industry standard best practice. Thus, the feature can only be switched on at the web version in order to ensure that this version is available.

D - Scheduled maintenance

You can schedule a maintenance window that logs all users off the system and allows maintenance activities.

See Scheduled maintenance for details.

E - Mobile timeout

This setting determines the mobile session timeout, i.e. the number of minutes the mobile app will be open without no activity before it automatically logs the current user out.

This provides security if the phone is lost or stolen, see Login security.

Login Sessions and Audit History

As part of our increased security and to protect against session hijacking, Case Manager now tracks the web login session. A new setting allows login sessions to be invalidated if the client IP address changes.

Another new setting also allows System Administrators to enable/disable the auditing log information of case manager users. See Audit History for further details.