{"id":20406,"date":"2022-03-25T13:45:52","date_gmt":"2022-03-25T12:45:52","guid":{"rendered":"https:\/\/help.openbee.com\/open-bee-portal\/administrators-guide\/security-management\/"},"modified":"2025-07-04T11:13:55","modified_gmt":"2025-07-04T09:13:55","slug":"security-management","status":"publish","type":"page","link":"https:\/\/help.openbee.com\/en\/open-bee-portal\/administrators-guide\/security-management\/","title":{"rendered":"Security Management"},"content":{"rendered":"<div id=\"main-content\" class=\"wiki-content group\">\n<p>This interface allows the EDM administrator to manage general settings related to EDM security.<\/p>\n<p>It is divided into several subsections:<\/p>\n<style type=\"text\/css\"><![CDATA[\/*<![CDATA[*\/\ndiv.rbtoc1648215953253 {padding: 0px;}\ndiv.rbtoc1648215953253 ul {list-style: disc;margin-left: 0px;}\ndiv.rbtoc1648215953253 li {margin-left: 0px;padding-left: 0px;}\n\n\/*]]]]><![CDATA[>*\/]]><\/style>\n<div class=\"toc-macro rbtoc1648215953253\">\n<ul class=\"toc-indentation\">\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Motdepasse\">Password<\/a>\n<ul class=\"toc-indentation\">\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Politiquedesmotsdepasse\">Password Policy<\/a><\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Politiquederenouvellementdesmotsdepasse\">Password Renewal Policy <\/a><\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Politiquedeblocageencasd'erreurdeconnexion\">Connection Error Blocking Policy <\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Authentification\">Authentication<\/a>\n<ul class=\"toc-indentation\">\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-SSO\">SSO<\/a><\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Doubleauthentification\">Two-factor authentication<\/a><\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Tempsd%E2%80%99attented%C3%A9pass%C3%A9\">Waiting time exceeded<\/a><\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-P%C3%A9riph%C3%A9riquesetlocalisation\">Devices &amp; Location<\/a><\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Param%C3%A8tresavanc%C3%A9s\">Advanced settings<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#Gestiondelas%C3%A9curit%C3%A9-Chiffrement\">Encryption<\/a><\/li>\n<\/ul>\n<\/div>\n<p>To access it, click on &#8220;<strong>Administration<\/strong>&#8221; &#8220;<strong>Security<\/strong>&#8220;.<\/p>\n<p><img decoding=\"async\" class=\"confluence-embedded-image\" src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356226-translated.jpg\" data-image-src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356226-translated.jpg\"><\/p>\n<h3 id=\"Gestiondelas\u00e9curit\u00e9-Motdepasse\">Password<\/h3>\n<p>This tab allows the administrator to change the various settings that control password management.<\/p>\n<p><img decoding=\"async\" class=\"confluence-embedded-image\" src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356227-translated.jpg\" data-image-src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356227-translated.jpg\"><\/p>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-Politiquedesmotsdepasse\">Password Policy<\/h4>\n<p>This section allows the administrator to change the structure of the password requested from the user during creation or renewal.<\/p>\n<p>The minimum structure of a password is as follows: 8 characters minimum, including 1 uppercase, 1 lowercase and 1 number.<\/p>\n<p>The administrator cannot simplify the word structure below this minimum configuration.<\/p>\n<div class=\"form-group clearfix\">\n<div class=\"col-md-6 nopadding control-label\">\n<ul>\n<li><strong>Min. number Characters: <\/strong>Minimum number of characters in the password<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"form-group clearfix\">\n<div class=\"col-md-6 nopadding control-label\">\n<ul>\n<li><strong>Min. number numeric characters: <\/strong>Minimum number of digits in the password<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"form-group clearfix\">\n<div class=\"col-md-6 nopadding control-label\">\n<ul>\n<li><strong>Min. number Uppercase characters: <\/strong>Minimum number of uppercase letters in the password<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"form-group clearfix\">\n<div class=\"col-md-6 nopadding control-label\">\n<ul>\n<li><strong>Min. number lowercase characters : <\/strong>Minimum number of lowercase letters in the password<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"form-group clearfix\">\n<div class=\"col-md-6 nopadding control-label\">\n<ul>\n<li><strong>Min. number Special Characters : <\/strong>Minimum number of special characters in the password <em>(examples of special characters: !,$, \u00a7, +, etc.)<\/em><br \/>\n<em><br \/>\n<\/em><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"form-group clearfix\">\n<ul>\n<li><strong>Prohibit usernames and sequences of characters (0123&#8230;) in passwords: <\/strong>This setting allows you to prohibit character sequences and the use of their username when a user creates or renews their password.<\/li>\n<\/ul>\n<\/div>\n<div class=\"form-group clearfix\">\n<ul>\n<li><strong>Prohibit the use of a password that has already been used: <\/strong>When renewing a password, the user cannot use a password that they had previously used.<\/li>\n<\/ul>\n<\/div>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-Politiquederenouvellementdesmotsdepasse\">Password Renewal Policy<\/h4>\n<p>The administrator can decide to force or suggest to the user to change their password every X months.<\/p>\n<p>Once the set time has passed, the moment the user logs back into their Open Bee\u2122 Portal, they will be asked to change their password.<\/p>\n<p>This action is mandatory or optional depending on the configuration chosen. They can also disable this option by choosing the &#8221; <em>Not applicable&#8221;<\/em> option.<\/p>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-Politiquedeblocageencasd'erreurdeconnexion\">Connection Error Blocking Policy<\/h4>\n<p>In case of several attempts with connection error, the account is blocked for a few minutes.<\/p>\n<p>By default the account is blocked for 2 minutes following 3 unsuccessful attempts, the administrator can choose to change this setting.<\/p>\n<h3 id=\"Gestiondelas\u00e9curit\u00e9-Authentification\">Authentication<\/h3>\n<p>This tab allows the administrator to change authentication-related settings such as two-factor authentication or session duration.<\/p>\n<p>They can also choose to enable additional security features that will force the user to re-identify themselves in the event of a change in behavior, such as changing their usual IP address or using a new device.<\/p>\n<p><img decoding=\"async\" class=\"confluence-embedded-image\" src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356228-translated.jpg\" data-image-src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356228-translated.jpg\"><\/p>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-SSO\">SSO<\/h4>\n<p>Automatic authentication from a Windows account (SSO) can be automatic by checking this box.<\/p>\n<p>There are a number of prerequisites and other configurations that are required for this feature to function properly.<\/p>\n<p>See <a href=\"https:\/\/help.openbee.com\/en\/open-bee-portal\/administrators-guide\/single-sign-on-in-an-active-directory-environment\/\"><strong>this page for more details<\/strong><\/a>.<\/p>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-Doubleauthentification\">Two-factor authentication<\/h4>\n<p>The administrator can configure his two-factor authentication management here.<\/p>\n<ul>\n<li><strong>Activation Policy: <\/strong>The admin can choose:\n<ul>\n<li style=\"list-style-type: none; background-image: none;\">\n<ul>\n<li style=\"list-style-type: none; background-image: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none; background-image: none;\">\n<ul>\n<li>To give EDM users the choice to activate or not a two-factor authentication, users must then go to their profile to activate this option<\/li>\n<li>Require users to use two-factor authentication.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div class=\"aui-message warning shadowed information-macro\">\n<div class=\"message-content\">When the administrator changes this configuration to require all users to use two-factor authentication, only future users who will be created in the DMS will have this action enabled by default. For existing users, if they have this option enabled they will no longer be able to deactivate it, if they have not yet activated it, the administrator must force the change manually.<\/div>\n<\/div>\n<\/li>\n<li style=\"list-style-type: none; background-image: none;\">\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Activating a second two-factor authentication mode: <\/strong>By default, the two-factor authentication is done by sending an email.<\/li>\n<\/ul>\n<p style=\"margin-left: 60.0px;\">Open Bee\u2122 Portal allows you to use other two-factor authentication methods. In order to use another mode, the administrator must enable it at this step. This mode will be usable by all EDM users. Please note that the choice of mode is at the user&#8217;s discretion.<\/p>\n<div class=\"aui-message warning shadowed information-macro\">\n<div class=\"message-content\">Using a second two-factor authentication mode requires the installation and activation of a dedicated add-on. Read the documentation on this topic.<\/div>\n<\/div>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-Tempsd\u2019attented\u00e9pass\u00e9\">Waiting time exceeded<\/h4>\n<p>The administrator can choose to differentiate the duration of sessions based on the authentication security level chosen by the user<\/p>\n<p><strong>Session duration if two-factor authentication is enabled: <\/strong>This is the amount of time that the web browser session remains active before the user is asked to authenticate again.<\/p>\n<p><strong>Session duration if two-factor authentication is not enabled: <\/strong>This is the amount of time that the web browser session remains active before the user is asked to authenticate again.<\/p>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-P\u00e9riph\u00e9riquesetlocalisation\">Devices &amp; Location<\/h4>\n<p>The administrator can choose to strengthen the security of his EDM by requiring the user to re-identify himself in the event of a change in behavior.<\/p>\n<p><strong>Send an authentication code by email when logging in for the first time from a new device: <\/strong>When the user logs in to Open Bee\u2122 Portal for the first time from a new device, they are forced to perform two-factor authentication by email even if this option is not enabled. Afterwards, they will no longer have to perform this operation until they change devices.<\/p>\n<p><strong>Automatically log out when IP address changes: Open Bee\u2122 Portal <\/strong>can detect that the public IP address of the logged-in user has changed. In this case, when the user wants to perform a new action, it is automatically disconnected in order to force him to identify himself again in order to validate that the change of IP address is normal.<\/p>\n<h4 id=\"Gestiondelas\u00e9curit\u00e9-Param\u00e8tresavanc\u00e9s\"><strong>Advanced settings<\/strong><\/h4>\n<p><strong>  Allow the use of <strong>Open Bee\u2122 Portal <\/strong>cookies from a third-party website<\/strong><\/p>\n<p>In order to fight against CSRF attacks, <strong>Open Bee\u2122 Portal <\/strong>no longer allows the use of its cookies for any request from another site since version 6.11.3.<\/p>\n<p>This results in a user being forced to authenticate every time they want to access an <strong>Open Bee\u2122 Portal<\/strong> screen from a link hosted on another website.<\/p>\n<p>Disabling this option allows the user to skip the authentication screen if they already have an active session.<\/p>\n<h3 id=\"Gestiondelas\u00e9curit\u00e9-Chiffrement\">Encryption<\/h3>\n<p><img decoding=\"async\" class=\"confluence-embedded-image\" src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356229-translated.jpg\" data-image-src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/273356229-translated.jpg\"><\/p>\n<p><span style=\"color: #000000;\"> <strong> Document Encryption <\/strong>: Select this checkbox to enable AES 256-bit encryption of documents stored by Open Bee\u2122 Portal. This option is transparent to the end user. <\/span><\/p>\n<p><span style=\"color: #000000;\"><img decoding=\"async\" class=\"emoticon emoticon-warning\" src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2022\/03\/warning.png\" alt=\"(warning)\" data-emoticon-name=\"warning\"> It is not retroactive, only documents and versions added after activating the option will be encrypted. To encrypt existing documents please contact support. <\/span><\/p>\n<p><span style=\"color: #000000;\"> <\/span><\/p>\n<p><span style=\"color: #000000;\"><strong>Search encrypted documents<\/strong> : Select this checkbox to search the contents of encrypted documents. <\/span><\/p>\n<p><span style=\"color: #000000;\"><img decoding=\"async\" class=\"emoticon emoticon-warning\" src=\"https:\/\/help.openbee.com\/wp-content\/uploads\/2022\/03\/warning.png\" alt=\"(warning)\" data-emoticon-name=\"warning\"> This feature implies less security due to the unencrypted storage of the content of the documents in the Open Bee\u2122 Portal database<\/span><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This interface allows the EDM administrator to manage general settings related to EDM security. It is divided into several subsections: Password Password Policy Password Renewal Policy Connection Error Blocking Policy Authentication SSO Two-factor authentication Waiting time exceeded Devices &amp; Location Advanced settings Encryption To access it, click on &#8220;Administration&#8221; &#8220;Security&#8220;. Password This tab allows the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":20157,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-20406","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/comments?post=20406"}],"version-history":[{"count":3,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20406\/revisions"}],"predecessor-version":[{"id":24652,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20406\/revisions\/24652"}],"up":[{"embeddable":true,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20157"}],"wp:attachment":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/media?parent=20406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}