Built-in security levels

Platform supports three security levels per application: Low, Medium, and High. Platform Private Cloud customers can both configure security and add more levels if desired see the XML in System Console > System > Control Panel > Configuration > Security Levels. The standard Platform security levels and the restrictions they enforce are described in the following table:

Security Level Low (default) Medium High
Password length (characters) 6+ 8+ 8+
Password is case-sensitive No Yes Yes
Password can include sequential or repeating characters (like '123456' or 'aaaaa') Yes No No
Passwords must include non-alphabetical character No No Yes
Block user account after N unsuccessful login attempts Never 10 5
Duration of block N/A 30 minutes 60 minutes
Minutes of inactivity before expiring user session 240 (4 hours) 240 (4 hours) 240 (4 hours)
Minutes of usage before forcing user to re-login 480 (8 hours) 480 (8 hours) 480 (8 hours)
Minutes to wait before expiring record lock 120 (2 hours) 60 (1 hour) 30 (1/2 hour)

Minutes to wait before expiring JW Token (jwtExpireMins)

Minimum value is 10 minutes


30 minutes 30 minutes 30 minutes

API Only Access

With API Only Access, a user's credentials can only be used to access REST and SOAP APIs. To create such a user:

  1. Create a regular user.
  2. Edit the user and select API Only Access. If you do not see this check box on the user edit page, use the page editor to add this field to the page. See Editing pages for more information about the page editor.