Security settings
For more information about setting up for security generally, including passwords and user permissions, see Security.
This page summarises Case Manager's global security settings. You can customise these settings to suit your business processes and policies.
Global security settings
To access the settings, select Tools > Options from the main menu and click the Security tab.
After making changes, click Save & Close to save them and close the window. Alternatively, select Save to save and apply them without closing the window.
A - Authentication settings
The first section covers the settings required to set up authentication for Microsoft, MFA and Case Manager.
B - Password settings
All the password specifications and requirements are defined in the top part of the screen.
See Password settings for information about these, including best practice for minimising the risk of unauthorised logins.
C - Enable Forgot Password feature
Click this option to switch on the User forgets Password feature.
This feature enables users to reset their password without logging on to Case Manager.
The password reset can be initiated from both the web and Windows versions of Case Manager. However, the reset procedure itself must be completed in the web version in order to adhere to industry standard best practice. For this reason the feature can only be switched on in the web version, which ensures that this version is available.
You should set a limit on the number of password change attempts. The default value is 30. This setting disables the feature once the specified number of failed attempts has occurred within the previous 24 hours. This protects you against hacking attempts; see Exceeding the number of failed attempts below.
An email address is essential in order for the feature to work. The reset password email will be sent from the Case Manager System Email, i.e. the email address specified at the system email settings in the Outgoing Mail server tab.
Notes
- The outgoing email server must also have been configured in these settings.
- This feature is disabled by default because you need to supply the From email address and have valid global email settings in order for it to function.
Exceeding the number of failed attempts
When the specified number of failed attempts has occurred within the previous 24 hours the feature is switched off:
- The Forgot Password link disappears from all login screens.
- At the Forgot Password settings you will see an error message informing you why the feature was disabled.
- We advise you to contact Chameleon Support so that we can go through the logs to ascertain whether you were the victim of a hacking attempt.
- You can re-enable the feature from the Forgot Password settings once the failed attempts have been reviewed.
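The rolling 24-hour limit and the switch-off behaviour described above can be modelled as a global kill switch. The Python below is an added illustration, not Case Manager's own code; the class, its method names and the sample timestamps and source address are assumptions made for the example.

```python
from collections import deque
from datetime import datetime, timedelta

class ForgotPasswordGuard:
    """Hypothetical model of the global Forgot Password kill switch."""

    def __init__(self, limit=30, window=timedelta(hours=24)):
        self.limit = limit            # 30 is the default quoted on this page
        self.window = window          # "within the previous 24 hours"
        self.enabled = True
        self.disabled_reason = None   # message shown at the settings after a trip
        self._failures = deque()      # (timestamp, source) of failed attempts

    def link_visible(self):
        # Login screens only show the Forgot Password link while enabled.
        return self.enabled

    def record_failure(self, when, source):
        """Count one failed attempt; return True if it trips the switch."""
        if not self.enabled:
            return False
        self._failures.append((when, source))
        # Drop attempts that have aged out of the rolling window.
        while self._failures and self._failures[0][0] <= when - self.window:
            self._failures.popleft()
        if len(self._failures) >= self.limit:
            self.enabled = False
            self.disabled_reason = f"{self.limit} failed attempts within {self.window}"
            return True
        return False

    def attempts_for_review(self):
        # The attempts behind the trip, kept so the logs can be reviewed.
        return list(self._failures)

    def re_enable(self):
        # Administrator action once the failed attempts have been reviewed.
        self._failures.clear()
        self.enabled, self.disabled_reason = True, None

def simulate(gap_minutes, count=40, limit=30):
    """Feed `count` constructed failures, `gap_minutes` apart, to a new guard."""
    guard, tripped_at = ForgotPasswordGuard(limit=limit), None
    start = datetime(2024, 1, 1)      # constructed sample data
    for i in range(count):
        when = start + timedelta(minutes=gap_minutes * i)
        if guard.record_failure(when, "198.51.100.7"):
            tripped_at = i + 1
    return guard, tripped_at
```

In this model, 40 failures one minute apart switch the feature off at the 30th attempt, while 40 failures one hour apart never do, because no more than 24 of them fall inside any 24-hour window.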
D - Scheduled maintenance
You can schedule a maintenance window that logs all users off the system and allows maintenance activities.
See Scheduled maintenance for details.
E - Mobile timeout
This setting determines the mobile session timeout, i.e. the number of minutes the mobile app will stay open with no activity before it automatically logs the current user out.
This provides security if the phone is lost or stolen; see Login security.
Login Sessions and Audit History
As part of our increased security and to protect against session hijacking, Case Manager now tracks the web login session. A new setting allows login sessions to be invalidated if the client IP address changes.
Another new setting allows System Administrators to enable or disable audit logging of Case Manager users.