Manage Administrative User Account Policy

An administrative user is a person with an account on the Policy Manager that allows them access to the API Gateway.
There are two types of administrative users:
  • Internal: Users who are entered into and maintained through the API Gateway. For more information, see Internal Identity Provider.
  • LDAP: Users who have access to the API Gateway, but their information and details are maintained in an external LDAP directory. Their account status is set in the LDAP directory and is not viewable in Policy Manager. For more information on LDAP users, see LDAP Identity Providers.
In order to modify the account properties for administrative users, you must be assigned either the 'Administrator' or the 'Manage Administrative Accounts Configuration' role. For more information about roles, see Predefined Roles and Permissions.
To manage administrative users:
  1. In the Policy Manager, select [Tasks] > Users and Authentication > Manage Administrative User Account Policy from the Main Menu (on the browser client, from the Manage menu). The Administrative User Account Properties dialog displays.
  2. Refer to the following table to understand the available settings for your administrative user account policy. Note that not all settings may apply to your administrative users. 
    | Setting | Description |
    |---|---|
    | Maximum Invalid Logon Attempts | Select the maximum number of failed login attempts before the account is locked. Choose a number between 1 and 20. The default is 5 attempts. For more information on unlocking locked accounts, see Creating an Internal User. |
    | Minimum Lockout Duration | Choose the number of minutes a user must wait to attempt to log on again after reaching the maximum number of invalid logon attempts. The options are from 1 to 1440 minutes (one day). The default is 20 minutes. |
    | Gateway Session Expiry | Set the number of minutes, between 1 and 1440, that the administrative user can leave an API Gateway session idle before being disconnected. The default is 30 minutes. |
    | Maximum Inactivity Period | Set the number of days, between 1 and 365, that an account can be inactive before it is disabled. The default is 35 days. Users assigned the role of 'Administrator' are exempt from this inactivity timeout. For more information on roles, see Predefined Roles and Permissions. |
    | Reset to PCI-DSS Minimum | Click to reset all the administrative user account settings to meet the minimum acceptable level for PCI-DSS (Payment Card Industry Data Security Standard). If you subsequently change any setting that invalidates the PCI-DSS minimum, you will be prompted to confirm when dismissing the dialog box. |
    | Reset to STIG Minimum | Click to reset all the administrative user account settings to meet the minimum acceptable level for STIG (Secure Technical Implementation Guide). If you subsequently change any setting that invalidates the STIG minimum, you will be prompted to confirm when dismissing the dialog box. |
  3. Click [OK] when done.
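
The following is an added example, not code from the Policy Manager or the API Gateway. It models how the lockout and inactivity settings in the table combine when reviewing a policy, including the 'Administrator' exemption from the inactivity timeout. The record field names, the sample accounts, and the assumption that an account locks once its failure count reaches the maximum are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Allowed (min, max) per setting, from the table in this procedure.
RANGES = {
    "max_invalid_logons": (1, 20),
    "lockout_minutes": (1, 1440),
    "session_expiry_minutes": (1, 1440),
    "max_inactivity_days": (1, 365),
}

@dataclass
class Policy:
    # Defaults are the documented ones.
    max_invalid_logons: int = 5
    lockout_minutes: int = 20
    session_expiry_minutes: int = 30
    max_inactivity_days: int = 35

    def out_of_range(self):
        """Return the names of settings outside the documented range."""
        return [k for k, (lo, hi) in RANGES.items()
                if not lo <= getattr(self, k) <= hi]

def account_state(policy, acct, now):
    """Classify one account record (assumed model, not Gateway code)."""
    idle = now - acct["last_activity"]
    # Inactivity disable; the 'Administrator' role is exempt.
    if acct["role"] != "Administrator" and idle > timedelta(days=policy.max_inactivity_days):
        return "disabled"
    # Lockout: limit reached and the lockout duration has not elapsed.
    if acct["failed"] >= policy.max_invalid_logons:
        if now < acct["last_failure"] + timedelta(minutes=policy.lockout_minutes):
            return "locked"
    return "active"

# Constructed sample records; field names are hypothetical.
NOW = datetime(2024, 6, 1, 12, 0)
MGR = "Manage Administrative Accounts Configuration"
def rec(name, role, idle_days, failed=0, fail_min_ago=0):
    return {"name": name, "role": role, "failed": failed,
            "last_activity": NOW - timedelta(days=idle_days),
            "last_failure": NOW - timedelta(minutes=fail_min_ago)}
ACCOUNTS = [rec("admin1", "Administrator", 90), rec("mgr1", MGR, 40),
            rec("mgr2", MGR, 1, 5, 10), rec("mgr3", MGR, 1, 5, 25)]

def report(policy=Policy(), accounts=ACCOUNTS, now=NOW):
    return {a["name"]: account_state(policy, a, now) for a in accounts}

if __name__ == "__main__":
    print(Policy(lockout_minutes=0).out_of_range(), report())
```

Because 'Administrator' accounts never age out under this policy, dormant ones need a separate periodic review.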