Security Settings
Configure security policies and settings in EZ-Console.
Overview
EZ-Console provides comprehensive security settings that can be configured through the admin console. These settings control password policies, session management, MFA, and account security.
Accessing Security Settings
Navigate to: System Settings → Security Settings
Password Policies
Minimum Password Length
Set the minimum length required for user passwords.
- Setting Key: password_min_length
- Default: 8
- Range: 6-128
- Example: 12
Password Complexity
Require passwords to contain:
- Uppercase letters (Setting Key: password_require_uppercase)
- Lowercase letters (Setting Key: password_require_lowercase)
- Numbers (Setting Key: password_require_number)
- Special characters (Setting Key: password_require_special)
- Default: all false
Password Expiration
Force users to change passwords periodically.
- Setting Key: password_expiration_days
- Default: 0 (no expiration)
- Example: 90 (expire after 90 days)
Password History
Prevent users from reusing recent passwords.
- Setting Key: password_history_count
- Default: 0 (no history)
- Example: 5 (cannot reuse the last 5 passwords)
Session Management
Session Timeout
Automatically log out users after inactivity.
- Setting Key: session_idle_timeout_minutes
- Default: 30
- Example: 120 (2 hours)
Maximum Concurrent Sessions
Limit the number of concurrent sessions per user.
- Setting Key: session_max_concurrent
- Default: 0 (unlimited)
- Example: 3 (maximum 3 concurrent sessions)
Session Renewal
Automatically renew sessions on activity.
- Setting Key: session_auto_renew
- Default: true
Multi-Factor Authentication (MFA)
MFA Enforcement
Require MFA for all users or specific roles.
- Setting Key: mfa_enforced
- Default: false
- Options: false, true, role-based
TOTP Settings
Time-based One-Time Password settings.
- Setting Key: mfa_totp_issuer
- Default: "EZ-Console"
- Example: "My Company"
Email MFA
Enable email-based MFA.
- Setting Key: mfa_email_enabled
- Default: false
Account Security
Account Lockout
Lock accounts after failed login attempts.
- Setting Key: account_lockout_threshold
- Default: 0 (disabled)
- Example: 5 (lock after 5 failed attempts)
- Setting Key: account_lockout_duration_minutes
- Default: 30
- Example: 60 (lock for 1 hour)
Inactive Account Handling
Automatically disable inactive accounts.
- Setting Key: account_inactive_days
- Default: 0 (disabled)
- Example: 90 (disable after 90 days of inactivity)
Password Reset
Settings for password reset functionality.
- Setting Key: password_reset_token_expiry_minutes
- Default: 60
- Example: 30 (tokens expire after 30 minutes)
API Security
API Rate Limiting
Limit API request rate per user/IP.
- Setting Key: api_rate_limit_per_minute
- Default: 60
- Example: 100
API Key Expiration
Set expiration for service account access keys.
- Setting Key: api_key_expiration_days
- Default: 0 (no expiration)
- Example: 365 (expire after 1 year)
Audit Logging
Audit Log Retention
How long to keep audit logs.
- Setting Key: audit_log_retention_days
- Default: 90
- Example: 365 (keep for 1 year)
Audit Log Events
Which events to log.
- Setting Key: audit_log_events
- Default: all
- Options: all, critical, custom
Configuration via API
Get Security Settings
GET /api/system/settings
Update Security Settings
PUT /api/system/settings
Request Body:
{
"password_min_length": "12",
"password_require_uppercase": "true",
"password_require_lowercase": "true",
"password_require_number": "true",
"password_require_special": "true",
"password_expiration_days": "90",
"password_history_count": "5",
"session_idle_timeout_minutes": "120",
"session_max_concurrent": "3",
"mfa_enforced": "true",
"account_lockout_threshold": "5",
"account_lockout_duration_minutes": "60"
}
Best Practices
1. Strong Password Policy
password_min_length: 12
password_require_uppercase: true
password_require_lowercase: true
password_require_number: true
password_require_special: true
password_expiration_days: 90
password_history_count: 5
2. Session Security
session_idle_timeout_minutes: 30
session_max_concurrent: 3
session_auto_renew: true
3. Account Protection
account_lockout_threshold: 5
account_lockout_duration_minutes: 60
account_inactive_days: 90
4. MFA Enforcement
mfa_enforced: true
mfa_totp_issuer: "My Company"
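As an added example (not part of EZ-Console or its documentation), the script below audits a settings payload in the shape returned by GET /api/system/settings against the Best Practices baseline above. Keys absent from the payload fall back to the defaults documented on this page, and values are handled as the strings the API uses ("12", "true"); the sample payload is constructed.

```python
# Added example, not EZ-Console code: audit a settings payload against the
# Best Practices baseline on this page. Absent keys use the documented defaults.
import json

# Defaults as documented on this page (an absent key means the default applies).
DEFAULTS = {
    "password_min_length": "8",
    "password_expiration_days": "0",
    "password_history_count": "0",
    "session_idle_timeout_minutes": "30",
    "session_max_concurrent": "0",
    "mfa_enforced": "false",
    "account_lockout_threshold": "0",
    "account_lockout_duration_minutes": "30",
    "account_inactive_days": "0",
}

# (key, predicate on the effective string value, finding text), taken from the
# Best Practices section. "0" means disabled/unlimited for the counters below.
# role-based is accepted for MFA because the checklist requires MFA for admins.
BASELINE = [
    ("password_min_length", lambda v: int(v) >= 12, "minimum length below 12"),
    ("password_expiration_days", lambda v: 0 < int(v) <= 90, "expiration disabled or longer than 90 days"),
    ("password_history_count", lambda v: int(v) >= 5, "fewer than 5 previous passwords remembered"),
    ("session_idle_timeout_minutes", lambda v: int(v) <= 30, "idle timeout longer than 30 minutes"),
    ("session_max_concurrent", lambda v: 0 < int(v) <= 3, "concurrent sessions unlimited or above 3"),
    ("mfa_enforced", lambda v: v in ("true", "role-based"), "MFA not enforced"),
    ("account_lockout_threshold", lambda v: 0 < int(v) <= 5, "lockout disabled or threshold above 5"),
    ("account_lockout_duration_minutes", lambda v: int(v) >= 60, "lockout shorter than 60 minutes"),
    ("account_inactive_days", lambda v: 0 < int(v) <= 90, "inactive accounts not disabled within 90 days"),
]


def audit_settings(settings):
    """Return {key: finding} for every setting weaker than the baseline."""
    findings = {}
    for key, ok, text in BASELINE:
        # The API carries values as strings; normalise case so "True" == "true".
        value = str(settings.get(key, DEFAULTS[key])).strip().lower()
        if not ok(value):
            findings[key] = f"{text} (effective value: {value})"
    return findings


# Constructed sample: a fresh install where only two settings were changed.
SAMPLE = json.loads('{"password_min_length": "10", "mfa_enforced": "role-based"}')

if __name__ == "__main__":
    for key, finding in audit_settings(SAMPLE).items():
        print(f"WEAK  {key}: {finding}")
```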
Security Checklist
- Set strong password policy
- Enable password expiration
- Configure session timeout
- Enable MFA for admin accounts
- Set account lockout policy
- Configure audit logging
- Review and update regularly
Related Topics
- System Settings - System configuration
- User Management - User security
- Authentication & Authorization - Auth implementation
Need help? Ask in GitHub Discussions.