Updating security settings
The Platform Settings menu of the Launchpad enables you to configure the security settings of your organization.
To access the Security settings page, follow these steps:
- On the Launchpad, from the left navigation pane, select Platform Settings.
- Under Organization management, select Security Settings.
On the Security settings page, you can perform the following actions:
- Set the session timeout duration.
- Configure a list or range of IP addresses from which users can access Diligent One.
- Set up single sign-on (SSO).
- Add users with permission to bypass SSO.
- Set up options for users who belong to non-SSO organizations.
To configure the settings, follow these steps:
- On the Security settings page, in the General section, specify the details as described in the following table:
Field: Session timeout
Description: Specify the duration of inactivity before a session times out.
You can set the duration in minutes, hours, or days.
However, this setting is overridden by the following factors:
- The minimum session timeout is 15 minutes.
- If a user has access to multiple instances of Diligent One, the shortest timeout from any of their instances is used for all of their instances.
- If this instance of Diligent One is set to use Single Sign On (SSO), and timeout settings for your SSO identity provider are longer, your identity provider's settings are respected. For security purposes, ensure that your identity provider's expiry is less than your instance's session expiry. For more information, see Configuring Single Sign-On (SSO).
For more information, see Diligent Security.
Field: Allow access only from the following IP addresses
Description: Restricts user IP address access to Diligent One websites.
Configure a list or range of allowed IP addresses from which users can access Diligent One. Adding even one IP address to the text box enables this option. Once this option is enabled, every IP address that you want to grant access to must be specified in the text box. Any IP address that is not specifically added is restricted.
If there are no IP addresses in the text box, this option is not enabled, which means all IP addresses are allowed access to Diligent One.
Note
- Individuals can only access *diligentoneplatform.com, *highbond.com, or any public link created in Diligent One, if their IP is allowlisted. Individuals using mobile devices or other public networks may need to use a VPN in order to access Diligent One.
- IP allowlisting only impacts access to Diligent One data. IP allowlisting does not impact activating Analytics.
- Currently, only IPv4 is supported. As a result, do not use IPv6 with the enabled IP allowlist.
For more information, see Diligent Security.
Field: Enable only verifying IP at login
Description: Select this checkbox to allow users to continue accessing the platform even if their IP address changes during a session.
Users who have permission to modify the IP allowlist can also change this setting.
- Select Save changes.
- In the Single sign-on (SSO) options section, configure the SSO settings.
- In the Login options section, specify the details as described in the following table:
Field: Password expiration
Description: Defines the password lifetime in days. For more information, see Diligent Security.
Field: Enable enhanced password settings
Description: Select this checkbox to enforce stronger password requirements for all users in your organization. After it is enabled, users will be asked to change their passwords at their next login with the following requirements:
- The password must be at least 15 characters long containing mixed case, numbers, and special characters.
- After the users change their password, they can reset it only after 24 hours.
Note: The default password settings include the following:
- Users can't reuse the previous 25 passwords.
- The password must be at least eight characters long containing mixed case and numbers.
Field: Enable two-factor authentication
Description: Select this checkbox to enforce multi-factor authentication for all users in your organization. For more information, see Configuring two-factor authentication (2FA or MFA).
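
An added example (not part of the Diligent documentation or product code): a pre-flight check for the IP allowlist described in the General section, modelling the page's rules that an empty list allows all addresses, any entry restricts access to the listed addresses, and only IPv4 is supported. The entry syntax (single address, CIDR block, or start-end range) and all function names are assumptions; the sample addresses are constructed from documentation ranges.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) IPv4 bounds for one entry (assumed syntax:
    '203.0.113.7', '203.0.113.0/24' or '198.51.100.10-198.51.100.20')."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
    else:
        net = ipaddress.ip_network(entry, strict=False)
        lo, hi = net[0], net[-1]
    if lo.version != 4 or hi.version != 4:
        raise ValueError("only IPv4 is supported")
    if lo > hi:
        raise ValueError("range start is above range end")
    return lo, hi

def is_allowed(ip, ranges):
    """Empty allowlist means the option is off, so every address is allowed."""
    if not ranges:
        return True
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(lo <= addr <= hi for lo, hi in ranges)

def check_allowlist(entries, must_allow=()):
    """Validate entries and confirm that addresses in must_allow (for example
    the administrator's own egress IP) stay reachable. Returns (ranges, problems)."""
    ranges, problems = [], []
    for e in entries:
        if not e.strip():
            continue
        try:
            ranges.append(parse_entry(e))
        except ValueError as exc:
            problems.append(f"{e.strip()}: {exc}")
    for ip in must_allow:
        if not is_allowed(ip, ranges):
            problems.append(f"{ip}: would be locked out")
    return ranges, problems

# Constructed sample input (RFC 5737 / RFC 3849 documentation addresses).
SAMPLE_ENTRIES = ["203.0.113.0/24", "198.51.100.10-198.51.100.20", "2001:db8::1"]
SAMPLE_ADMIN_IPS = ["203.0.113.45", "192.0.2.9"]

if __name__ == "__main__":
    _, issues = check_allowlist(SAMPLE_ENTRIES, must_allow=SAMPLE_ADMIN_IPS)
    for issue in issues:
        print("PROBLEM:", issue)
```

Running the check against the intended list before saving it surfaces IPv6 entries and administrator addresses that the new allowlist would lock out.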