Configure Login Settings

Create rules for logging in to Business Manager.

In Business Manager, it's important to configure user password restrictions and login lockout policies. All the possible values ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Note: To comply with the PCI DSS standards, users are logged out of their sessions after 15 minutes of inactivity. You can't change this timeout value.

See Resetting a Business Manager Password, Resetting a Business Manager Password for Administrators, and .

  1. Select Administration > Global Preferences > Security and select the User Authentication tab.
  2. Configure how many times a user can enter an incorrect login before being locked out and for how long.
    1. You can choose up to six times.
      The default is six.
    2. By default, the user is locked out for 30 minutes.

      If you select Forever, the account remains locked.

  3. Set the number of days after which a user is required to change their password.
    The default is 60 days.
  4. Set the number of days before an unused account is deactivated. The default is 90 days,
    Seven days before deactivation, the user is sent an email, instructing them to log in to their account to avoid deactivation. The user is sent a second email one day before deactivation.
    If you choose less than 10 days of inactivity, the first email is sent three days before deactivation, instead of seven.
  5. Indicate whether a user is required to answer a security question to change their password.
  6. For Enforce Password History, specify how many passwords in a user's password history are remembered.
    A new password is checked against this history to ensure that a unique password is being used. The default is to remember four passwords.
    Password history isn't saved until you set this value.
  7. Configure the character requirement settings for passwords:
    1. Set the minimum number of characters required in a password.
      The minimum and default is eight characters.
    2. Set the minimum number of special characters required in a password.
      The default is one. You can require up to five.
    3. Set the minimum number of characters required in a user's login ID.
      You can require four to eight characters. The default is six.
  8. Click Apply.