Arc XP Okta Security Policy
As part of its commitment to safety and security, Arc XP requires the following settings in Okta:
enabling multi-factor authentication (MFA) on your Okta
enacting a 90-day password reset requirement and increasing complexity for passwords
enabling block mode for Okta ThreatInsight
Arc XP's Okta security requirements
Multi-factor authentication
Multi-factor authentication (MFA) is required for organization admins and enabled for all non-admin users by default. If you prefer to disable MFA for your non-admin users, you must contact Arc XP Customer Support.
Password requirements
The following password complexity requirements are enabled for all users.
Users must update passwords older than 90 days
Passwords must adhere to the following standards:
Contain a lower case letter
Contain an upper case letter
Contain a number
Not contain part of a user name
Not be one of your last four passwords
After 10 unsuccessful login attempts, users are locked out for 60 minutes. After that time, users can attempt to use the self-service password reset option. If that is unsuccessful, you can contact Arc XP Customer Support.
While these password settings are automatically enabled for all users, admins have the option to configure password complexity settings for all users.
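One way to check an exported Okta password policy against the requirements listed above. This is an added example, not Arc XP's or Okta's own code: the field names follow the password policy object of Okta's Policies API, while the sample policy and the function name audit_password_policy are constructed for illustration.

```python
import json

# Constructed sample: one policy in the shape Okta's Policies API returns for
# GET /api/v1/policies?type=PASSWORD. The values are made up for this example.
SAMPLE_POLICY = json.loads("""
{
  "type": "PASSWORD", "name": "Constructed example policy", "status": "ACTIVE",
  "settings": {"password": {
    "complexity": {"minLength": 8, "minLowerCase": 1, "minUpperCase": 0,
                   "minNumber": 1, "minSymbol": 0, "excludeUsername": true},
    "age": {"maxAgeDays": 0, "expireWarnDays": 0, "minAgeMinutes": 0,
            "historyCount": 4},
    "lockout": {"maxAttempts": 10, "autoUnlockMinutes": 60}
  }}
}
""")

def audit_password_policy(policy):
    """Return findings where the policy is weaker than the requirements above."""
    pw = policy.get("settings", {}).get("password", {})
    cx, age, lock = pw.get("complexity", {}), pw.get("age", {}), pw.get("lockout", {})
    findings = []

    def require(ok, message):
        if not ok:
            findings.append(message)

    require(cx.get("minLowerCase", 0) >= 1, "lower case letter not required")
    require(cx.get("minUpperCase", 0) >= 1, "upper case letter not required")
    require(cx.get("minNumber", 0) >= 1, "number not required")
    require(cx.get("excludeUsername") is True, "user name allowed in password")
    require(age.get("historyCount", 0) >= 4, "fewer than four previous passwords remembered")
    # Assumption: 0 in maxAgeDays / maxAttempts means "no limit", so 0 fails.
    require(0 < age.get("maxAgeDays", 0) <= 90, "passwords older than 90 days are not expired")
    require(0 < lock.get("maxAttempts", 0) <= 10, "no lockout within 10 failed attempts")
    # Assumption: autoUnlockMinutes 0 means the account stays locked until an
    # admin unlocks it, which is stricter than the 60-minute lockout.
    unlock = lock.get("autoUnlockMinutes", 0)
    require(unlock == 0 or unlock >= 60, "lockout shorter than 60 minutes")
    return findings

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_POLICY):
        print("FAIL:", finding)
```

The constructed sample fails two checks: it does not require an upper case letter, and its maxAgeDays of 0 means passwords never expire.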
Block mode for Okta ThreatInsight
Block mode for Okta ThreatInsight limits or blocks authentication requests from IP addresses that Okta deems suspicious. This feature is included with your Okta setup and better protects you from malicious actors attempting to access your system.
If one of your users gets blocked by mistake, you can exempt certain IP addresses from the Okta ThreatInsight check. Block mode identifies suspicious IP addresses based on logins across Okta’s customer base, so it’s possible that Okta may be overly cautious and block an IP address that should have access. See How to exempt IP Addresses in Okta’s documentation.
If an organization admin can’t unblock the user, the admin can contact Arc XP Customer Support to have the user's IP address unblocked.
Configuring Okta security settings for users in your organization
This section provides links to Okta’s documentation for how to configure and manage various tasks within Okta.
Create a Group - use this task to create a login group for your organization
Create a Factor Enrollment Policy for a Specific Group - use this task to enable multi-factor authentication for specific groups
Exclude user from Okta Verify MFA - use this task to disable multi-factor authentication for a specific user
Deactivate MFA on Okta
Start by going to the Okta Admin Console.
Go to Security > Authentication.
Select the Sign On tab.
Select the Default Policy.
Click on the (Active) drop-down button and select Deactivate to disable MFA for your organization users.
Disable Factors Listed Under Extra Verification - use this task to disable a multi-factor authentication factor.
Note
Do not disable all MFA factors without first deactivating MFA (instructions in previous bullet). Failure to first deactivate MFA may lock out all users in your organization.
Reset MFA for End Users - use this task to reset multi-factor authentication for your users
Configure the password authenticator - use this task to configure password settings
Reset a user password - use this task to reset a user’s password as an organization administrator
Users Blocked by Threatinsight and How to Allow IPs that are Blocked Login into Okta - use this task to remove the IP addresses of users who are blocked by Okta ThreatInsight
If you encounter issues or need further assistance, contact Arc XP Customer Support.
Configuring multi-factor authentication (MFA) using various authentication methods
Okta Verify
Google Authenticator
FIDO2
With FIDO2, you can complete the authentication process using the selected biometric method available on your system, such as Windows Hello, Touch ID, or fingerprint recognition.