Protect your portal from unauthorized access by managing your company's security preferences. By setting password requirements and session timeouts, you'll ensure your training content stays secure and compliant with your corporate policies.

See how it looks

Key features

• Enforce corporate password security policies
• Log out inactive users automatically

You need this to succeed

• Plan: Bigtincan Basic Content, Bigtincan Content, Bigtincan Elite, Bigtincan Essential, Bigtincan Standard, Bigtincan Standard Plus
• Roles and privileges: Company Administrator

Do this step by step

Configure password requirements

1. Click your user profile and select Administration.
2. Click Advanced Options on the left menu.
3. Click Login and passwords.
4. Update the following properties based on your company's needs:
   • Launch a URL link on login: Direct users to a specific web page when they first log in — great for onboarding resources, announcements, or company portals. You can also set the link to appear on every login, or enable "Launch the URL every time" to ensure it always opens when users access the platform.
   • Minimum password length: Set the shortest password your users are allowed to create. The minimum accepted value is 2 characters, but a higher number is recommended for better security.
   • Require complex passwords: Enforce stronger passwords across your organization by requiring users to include at least one uppercase letter, a lowercase letter, a number, or a symbol. At least three of these are required.
   • Numeric first and last characters: Control whether users can start or end their passwords with a number. Enable this to allow numeric characters in the first and last positions of a password.
   • Frequency of changing passwords: Limit how often users can change their password by setting a minimum number of minutes between changes. Set to zero if you want no restrictions.
   • Expire passwords: Require users to set a new password periodically by specifying a maximum password age in days. Set to zero if you don't want passwords to expire; the maximum allowed duration is 365 days.
   • Enforce password history: Prevent users from reusing old passwords by specifying how many previous passwords the system remembers. You can store up to 24 passwords, and users won't be able to recycle any of them. Set to zero to turn off password history enforcement.
   • Change password on first login: Prompt new users to create their own password the moment they first sign in. This is a best practice for ensuring each user takes ownership of their credentials right away.
   • Account lockout threshold: Define the number of failed login attempts allowed before a user's account is locked. The maximum value is 255 attempts. Setting this to zero means there are no limits — not recommended for security-conscious organizations. Account lockout duration: Choose how long a locked account stays inaccessible, in minutes. Set to zero if you want accounts to remain locked until an admin manually unlocks them. The default is 30 minutes, and the maximum is 1,440 minutes (24 hours).
   • Lockout email: Enter one or more email addresses to receive an automatic alert whenever a user's account gets locked out. Separate multiple addresses with commas so the right people always stay informed.
   • Change password on next login: Use this button to force all users company-wide to reset their password the next time they log in. This is a one-click action useful after a security incident or policy change.
5. Click Save to apply your changes.

Set a session timeout

The session timeout is a company-wide setting that applies to views of all content stored on the site, as well as any area of the portal while logged in.

1. Click your user profile and select Administration.
2. Click Company on the left menu.
3. Select General.
4. Scroll down to the Session Timeout section.
5. Select a timeout interval from the drop-down menu.
6. Click Save.