Defining your customers' account configuration
Use the User account configuration page in Subscriptions Identity Settings to manage your customers' experience on your site. These settings include items like email verification, total active sessions, sign-in expiration, and account lockout settings.
As your news organization's subscription administrator, you need to implement stronger security measures for your customers.
You navigate to the Identity section in Subscriptions Settings to configure account lockout parameters. You limit failed login attempts to three before temporarily restricting customer access.
You also establish a 90-day automatic deletion policy for unused accounts, cleaning up your database and eliminating potential vulnerabilities.
Procedure
To define your user account configuration, complete these steps:
Navigate to Subscriptions > Settings > Identity > User account configuration.
Configure the following options:
Email verification - toggle on to require customers to verify their email before allowing login.
Active sessions - set the number of simultaneous active sessions a customer can have across devices. When a customer exceeds this limit, the system invalidates older sessions on a first-in, first-out basis during the next token refresh.
For example, if you set the maximum number of sessions to 3 and your customer logs in to their home desktop, phone, and tablet (in that order), they reach the maximum allowed sessions.
If they then log in with their work desktop, the system accepts this newest session. However, during the next token refresh, their oldest session (home desktop) receives an error message and becomes invalid.
User sign-in expiration - set how long customers can remain logged in before the system forces them to re-authenticate.
Account lock out - configure the maximum number of failed login attempts and the number of minutes the account stays locked after it reaches that maximum.
Automatic account deletion - toggle on to set the following:
Days of idle time - enter the number of days an account can remain idle before the system automatically deletes it.
Owner contact attempts - select the cadence (Weekly or Monthly) and how many times the system must attempt to contact the account owner.
Unused account deletion - enter the number of days an account can remain inactive (never logged in to or verified through email) before the system automatically deletes it.
Important
Deleting an account is a permanent action and cannot be undone.
Click Save.
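The Active sessions behavior described above can be modeled in a few lines to show that the limit is enforced at token refresh, not at login, so a customer can briefly hold more live sessions than the configured maximum. This is an added example, not the product's own code; the `SessionStore` class, its methods, and the assumption that the check runs when a session refreshes its own token are all hypothetical.

```python
"""Constructed model of the Active sessions setting; not the product's code."""
from dataclasses import dataclass, field
from itertools import count


class SessionInvalid(Exception):
    """Raised when a token refresh is refused because the session was evicted."""


@dataclass
class SessionStore:
    max_sessions: int
    _seq: count = field(default_factory=count)
    _sessions: dict = field(default_factory=dict)  # device -> login order

    def login(self, device: str) -> None:
        # A new login is always accepted, even when it exceeds the limit.
        self._sessions[device] = next(self._seq)

    def live(self) -> list:
        # Devices that still hold a usable session, oldest login first.
        return sorted(self._sessions, key=self._sessions.get)

    def refresh(self, device: str) -> None:
        # Assumption: the limit is checked when a session refreshes its token.
        if device not in self._sessions:
            raise SessionInvalid(device)
        order = self.live()
        newest = order[max(0, len(order) - self.max_sessions):]
        if device not in newest:
            del self._sessions[device]  # first in, first out
            raise SessionInvalid(device)


def walkthrough(max_sessions: int = 3) -> dict:
    # Constructed sample input: the four devices from the example above.
    store = SessionStore(max_sessions)
    for device in ("home desktop", "phone", "tablet", "work desktop"):
        store.login(device)
    before = store.live()  # over the limit until a refresh happens
    evicted = []
    for device in before:
        try:
            store.refresh(device)
        except SessionInvalid:
            evicted.append(device)
    return {"before_refresh": before, "evicted": evicted,
            "after_refresh": store.live()}


if __name__ == "__main__":
    print(walkthrough())
```

When choosing User sign-in expiration alongside the session limit, account for this window: under this model the oldest session stays usable until its next refresh.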