This page is maintained for older versions of Spira only. The latest documentation can be found at: https://spiradoc.inflectra.com

SpiraTest Administration Guide Help Viewer

1. Introduction
2. Installing SpiraTeam®
3. System Administration
4. Appendices
Search:
1. Introduction
2. Installing SpiraTeam®
3. System Administration
4. Appendices

3.9.6. Security Settings

The “Security Settings” administration page lets you specify the various security settings within SpiraTeam to match your organization’s policies and processes:

The following settings can be changed within the system, once you are satisfied, click the <Update> button to commit the changes:

  • Allow User Registration – Set this to “Yes” if you want to allows to self-register for SpiraTeam accounts (that you can subsequently approve). If you set this to “No”, a system administrator will need to create all user accounts. Also set this to “No” if you plan on using LDAP-based authentication.
  • Maximum # Invalid Password Attempts – Set this to the number of times a user can enter an incorrect password before their account is temporarily locked out. This is important in preventing ‘brute force’ password hacking attempts.
  • Minimum Required Password Length – Set this to the minimum length of passwords in the system. Choosing a longer password will make it harder for an unauthorized user to crack a password and gain entry into the system.
  • Minimum Required Special Characters - Set this to the minimum number of non-alphanumeric characters that will be required for passwords in the system. Choosing more required special characters will make it harder for an unauthorized user to crack a password and gain entry into the system.
  • Password Attempt Time Window – Set this to the duration (in minutes) after which a user’s account will be automatically unlocked (due to repeated incorrect password attempts).
  • Authentication Expiration – This specifies the amount of time (in minutes) after which a user will be logged out due to inactivity when they login without choosing the ‘Keep Me Logged-In’ option.
  • Keep Me Logged-In Expiration - This specifies the amount of time (in minutes) after which a user will be logged out due to inactivity if they have chosen to login with the 'Keep Me Logged-In' option. This should normally be longer than the previous setting.