Additional Options for User Password Governance and Account Unlock

Updated 

Global Admins can access Customer Security Settings in the environment they administer. Here, workflows can be set for recovering passwords and unlocking accounts for users within the environment. Workflows to unlock a locked account can allow users to get back into their Sprinklr accounts without needing to submit a support ticket, and options for second and third level verification ensure that accounts are secure.

Before You Begin

Before setting workflows for your Customer environment in Security Settings, you'll first want to make sure that users in your environment have updated their individual Security Settings. Users can access and edit their own Security Settings by hovering over their Username in the top right corner and clicking Security Settings.
Space_Username_Security_Settings.png
When setting your individual Security Settings, you'll be asked to first enter your Current password before making any changes. Once entered, you have the option of changing your password, entering a secret question, and entering a mobile number where a one-time password can be sent through a text message.
User_Security_Settings_Edit.gif

A secret question and/or a mobile one-time password can both be configured by a Global Admin in the password reset and account unlock workflow options described below.

Note

If a mobile OTP workflow is set for unlocking accounts or resetting passwords, users in your environment will be prompted to enter a mobile number upon login to ensure that the workflow you create can be executed.

Enter_Mobile_Prompt.png

To Set Password Reset and Account Unlock Workflows

  1. Click the New Tab icon Screen Shot 2017-09-25 at 1.52.25 PM.png and select Settings under the Social Core cloud.
  2. From the Settings window, select Security Settings within Manage Customer.

Note

Partner Security Settings can only be accessed by Global Admins. To learn more about user types, see Types of Users.

SocialCore_Settings_Manage_Customers_Security_Settings.PNG

  1. Your current Partner Security Configuration Details will display your environment's current workflow for resetting user passwords and for unlocking accounts. Each workflow has the option for one, two, or three levels of verification to be set. Click Edit in the bottom right corner to make changes to workflows.
    Partner_Security_Configuration.gif

To Set a Password Reset Workflow

  1. After clicking Edit in Partner Security Configuration, you can edit the current Forgot Password Workflow. By default, this workflow will be set to single-level verification, an Email redirect link. When a user initiates the password reset workflow by clicking Forgot Your Password? on the Sprinklr login screen, the user will be prompted to enter the email associated with his or her login and will be emailed a link to reset his or her password.
  2. If desired, a second or third level of verification can be set as a requirement for users resetting their passwords. Check the box next to Add second level verification to add additional authentication for users before they can reset their password. From the Select security verification type drop-down, you can set the Security Question or Mobile OTP as the second-level verification.
    SocialCore_Settings_Manage_Customers_Security_Settings_Edit.PNG

    If Security Question is set as the second-level verification, users will need to enter the answer to their Secret Question, set in their individual Security Settings. If Mobile OTP is set as the second-level verification, users attempting to reset their password will receive a text message with a one-time password on the mobile device saved in their individual Security Settings.
  3. If second-level verification has been set, you can opt to enable third-level verification. The verification type can be set to Secret Question or to Mobile OTP, depending on which option was set at the second level of verification. When third-level verification has been set, users will have to enter the answer to their Secret Question and enter the one-time password they receive through text message, in the order determined by your password reset workflow.

To Set an Unlock Account Workflow

A user's Sprinklr account will get locked after a set number of failed login attempts. The default maximum number of attempts is three. By creating an Unlock account workflow, Global Admins can determine requirements for users to unlock their accounts.

  1. On the Partner Security Configuration Details window, below the Forgot password workflow, you'll see the Unlock account workflow options. You can check the box beside Use the same workflow as "Forgot Password Workflow" to enable the same workflow for users to unlock their account and when resetting their password with the Forgot Your Password? link.
  2. If not using the same workflow, you can set single, second, or third-level verification requirements for users to unlock their accounts. Your options for second and third levels of verification are the same as the Forgot Password Workflow options. In order to set the third level of verification, the second level of verification must be set. If a third option is enabled, the verification type will be whichever type was not selected at the second level.
    SocialCore_Settings_Manage_Customers_Security_Settings_Edit_Unlock_Account_Workflow.PNG
  3. Additionally, you may choose to change the number of failed login attempts that will be allowed before a user's account locks. The maximum number of attempts that can be set is 10.
    SocialCore_Settings_Manage_Customers_Security_Settings_Edit_Password_Entry_Attempt.PNG
  4. Click Save at the bottom right corner to save your Security Settings configuration.