User Access Settings for Password and IP Restrictions

In Administration, you can designate overall access restrictions and password protocols for your users in User Access Settings. This article covers what those settings are and how to implement them.

Note

If you restrict IPs in PrecisionLender, it does apply to integrations. Therefore, you will need to include Salesforce IPs in the allowed IPs to ensure access from Salesforce works properly.

 

Managing User Access Settings

To View or Change User Access settings for your organization:

  • Click on the Administration tab in the lower left-hand corner of the application
  • Scroll down to the Users section
  • Click the "User Access Settings" button
  • Access to this area is controlled by the Manage Access permission (see Setting Up Security Profiles).

 Password Expiration: Determines how long the current user passwords will be valid until a password change is required

  • Expire After 30 days (default)
  • Expire After 60 days
  • Expire After 90 days
  • Never Expires

Previous Password Match: Determines how many past passwords are off-limits as new passwords during a change

  • None
  • Cannot Match Last 1
  • Cannot Match Last 3 (default)
  • Cannot Match Last 5
  • Cannot Match Last 10 

Minimum Password Length: Minimum number of characters required for a valid password (default = 8)

Password Complexity Requirements: Determines what types of characters must be included in a valid password.  A checked box will require at least one character of the specified type.  If no boxes are checked, then there are no complexity requirements.

  • Letters and Numbers
  • Mixed Case
  • Special Characters (default)

Maximum Failed Login Attempts: Number of sequential failed login attempts allowed before then next failed attempt results in a user lock-out (default is 3)

Password Lockout: Determines the length of an account lock-out before the user is allowed to retry a login.  The Lock Until Removed option will require a system administrator from your bank to manually intervene for locked accounts.

  • Lock for 15 Minutes (default)
  • Lock for 30 Minutes
  • Lock for 1 Hour
  • Lock Until Removed

Limit Access to These IP Addresses: Restricts user's PrecisionLender access to only the specified IP addresses. These will be added to your bank's IP address whitelist. The 'remove' button will turn blue when you select a previously added IP address, allowing you to remove that IP address from your bank's whitelist. 

Exercise caution before using IP Address Filters to ensure that you do not accidentally prevent logins from your current location, unless that is your goal.

  • Separate multiple IP's with a comma
    • For example: 192.158.1.38, 192.488.1.38
  • An Asterisk (*) may be used as a wild card to accept a range of IP addresses.
    • If you white-list 208.1.1.*
    • No matter what the last octet is, logins will be allowed for any IP address that begins with 208.1.1.*
  • A Dash (-) may be used to accept a more specific range of IP addresses.
    • For example: A range of 127.10.23.50-95 denotes that logins will be allowed for IP addresses 127.10.23.50 through 127.10.23.95.
  • IP Ranges using Classless Inter-Domain Routing (CIDR) notation
    • For example: 127.0.0.1/14
  • To sort the list of IP addresses, click:  Sort button

When using IP filtering, ranges are only allowed on the last octet. This means the first 3 octets need to be the same. Here are a few examples of valid and invalid uses of ranges:

127.1.1.1-254 is valid 

127.1.1.1-127.1.1.254 is invalid
127.1.1.* is valid  127.1.1.*-50 is invalid

If you accidentally lock out your location by mistake, please contact our support department for assistance.

If you wish to have a specific user exempted from your IP filter policy:

  • Click on their Username in the Users section.
  • Check the Exempt From IP Address Filters box.

This user will then be allowed to log into their PrecisionLender account from any IP address, regardless of your filter settings.

Limit Accounts to These Email Domains:  Restricts the email domains your users' PrecisionLender accounts can use. Once a domain is added, you will only be able to add users that have an email address represented in the list of pre-defined domains.

  •  You will not be able to save any domain change that could result in locking out an existing user. If your users have multiple domains, you'll need to add all existing domains.

Once you've made your changes, select "Save" to save your changes or select "Close" to cancel any changes and return to the Administration section.