Manage Administrative User Account Policy
An administrative user is a person with an account on the Policy Manager that allows them access to the .
There are two types of administrative users:
- Internal: Users who are entered into and maintained through the API Gateway. For more information, see Internal Identity Provider.
- LDAP: Users who have access to the API Gateway, but whose information and details are maintained in an external LDAP directory. Their account status is set in the LDAP directory and is not viewable in Policy Manager. For more information on LDAP users, see LDAP Identity Providers.
In order to modify the account properties for administrative users, you must be assigned either the 'Administrator' or the 'Manage Administrative Accounts Configuration' role. For more information about roles, see Predefined Roles and Permissions.
To manage administrative users:
- In the Policy Manager, select [Tasks] > Users and Authentication > Manage Administrative User Account Policy from the Main Menu (on the browser client, from the Manage menu). The Administrative User Account Properties dialog displays.
- Refer to the following table to understand the available settings for your administrative user account policy. Note that not all settings may apply to your administrative users.

  | Setting | Description |
  |---|---|
  | Maximum Invalid Logon Attempts | Select the maximum number of failed login attempts before the account is locked. Choose a number between 1 and 20. The default is 5 attempts. For more information on unlocking locked accounts, see Creating an Internal User. |
  | Minimum Lockout Duration | Choose the number of minutes a user must wait before attempting to log on again after reaching the maximum number of invalid logon attempts. The options are from 1 to 1440 minutes (one day). The default is 20 minutes. |
  | Gateway Session Expiry | Set the number of minutes, between 1 and 1440, that the administrative user can leave an API Gateway session idle before being disconnected. The default is 30 minutes. |
  | Maximum Inactivity Period | Set the number of days, between 1 and 365, that an account can be inactive before it is disabled. The default is 35 days. |
  | Reset to PCI-DSS Minimum | Click to reset all the administrative user account settings to meet the minimum acceptable level for PCI-DSS (Payment Card Industry Data Security Standard). If you subsequently change any setting that invalidates the PCI-DSS minimum, you will be prompted to confirm when dismissing the dialog box. |
  | Reset to STIG Minimum | Click to reset all the administrative user account settings to meet the minimum acceptable level for STIG (Secure Technical Implementation Guide). If you subsequently change any setting that invalidates the STIG minimum, you will be prompted to confirm when dismissing the dialog box. |
- Click [OK] when done.
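The lockout and inactivity behaviour that these settings control, as an added Python model that is not the product's code and not part of this page: it checks a policy against the ranges in the table and replays a constructed logon sequence against the dialog's defaults. The class and field names, the rule that the failure counter resets on a successful logon, and the point at which an inactive account is disabled are assumptions, not documented product behaviour.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Permitted range (minimum, maximum) for each setting in the dialog above.
RANGES = {"max_invalid_logon_attempts": (1, 20), "min_lockout_minutes": (1, 1440),
          "session_expiry_minutes": (1, 1440), "max_inactivity_days": (1, 365)}

@dataclass
class AccountPolicy:  # field defaults are the dialog's defaults
    max_invalid_logon_attempts: int = 5
    min_lockout_minutes: int = 20
    session_expiry_minutes: int = 30
    max_inactivity_days: int = 35
    def validate(self) -> List[str]:  # names of settings outside their permitted range
        return [n for n, (lo, hi) in RANGES.items() if not lo <= getattr(self, n) <= hi]

@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None
    last_logon: Optional[datetime] = None
    disabled: bool = False

def attempt_logon(policy: AccountPolicy, state: AccountState, now: datetime, password_ok: bool) -> str:
    """One logon attempt. Assumed semantics (not stated on the page): the failure counter resets
    on success, and an account idle past the inactivity period is disabled at its next attempt."""
    if state.disabled:
        return "disabled"
    if state.last_logon and now - state.last_logon > timedelta(days=policy.max_inactivity_days):
        state.disabled = True
        return "disabled"
    if state.locked_until and now < state.locked_until:
        return "locked"
    if password_ok:
        state.failed_attempts, state.last_logon = 0, now
        return "ok"
    state.failed_attempts += 1
    if state.failed_attempts >= policy.max_invalid_logon_attempts:
        state.locked_until = now + timedelta(minutes=policy.min_lockout_minutes)
        state.failed_attempts = 0
    return "failed"

def run_default_scenario() -> List[str]:
    """Constructed sequence against the defaults: five bad passwords one minute apart, then
    correct passwords at 10 minutes (still locked), at 30 minutes, and 36 days later."""
    policy, state, t0 = AccountPolicy(), AccountState(), datetime(2024, 1, 1, 9, 0)
    steps = [(t0 + timedelta(minutes=i), False) for i in range(5)]
    steps += [(t0 + timedelta(minutes=m), True) for m in (10, 30, 36 * 24 * 60)]
    return [attempt_logon(policy, state, t, ok) for t, ok in steps]
```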