Managing System Security
Staff Manager has advanced security measures in place to protect user and patient data. You can configure Staff Manager security to the level required for your organization.
In organizations using single sign-on for security, Staff Manager user accounts are tied to their corresponding network accounts and all Staff Manager login dialog boxes are bypassed. Changing user passwords in Staff Manager has no effect on users' network accounts.
Configurable Security Features
- User password strength (such as what characters passwords should contain and how long passwords should be)
- Automatic checking of password strength settings at login
- Password expiration (requiring users to change their passwords after a selected period) with attendant password expiration warnings
- Automatic lock-down of user accounts due to excessive password entry retries or account inactivity
- Administrator ability to lock or unlock user accounts
- Administrator ability to clear passwords
- Security questions to bypass password entry if users forget their passwords
- Enhanced audit trail support of security functions
- User account logins
- Application activity on a profile or security group level
- Tracking of and reporting on additional action types, including user account login history
These security features are spread throughout the three main Staff Manager applications: Staff Manager Administrator, Staff Manager Client, and Clairvia Web.
Security in Staff Manager Administrator, Staff Manager Client, and Clairvia Web
Administrators use Staff Manager Administrator to:
- Create user accounts and security groups
- Assign users to security groups
- Lock and unlock user accounts
- Manage user and group permissions
- View the Audit Trail
Administrators use Staff Manager Client to:
- Maintain information on employees and schedules
- Control employee access to information via employee permissions
Administrators use Clairvia Web to:
Configuring Password Security
Only Enterprise Admin users can configure password security. Complete the following steps to set the level of password security for all Staff Manager users.
- From the Configure menu, select App Settings > Password Management. This opens the Password Management page.
- Enter a value for the Password must be at least X characters long option. The more characters a password has, the more secure it is. Suggested values are from 6 to 10 characters; the maximum length is 32 characters. Entering a value of zero (0) turns this feature off.
- Select at least two of the three options under Password must be a combination of (select at least two).
  - Letters: Selecting this box means passwords must contain any of the 26 letters of the alphabet.
  - Numbers: Selecting this box means passwords must contain at least one number from 0 to 9.
  - Special characters: Selecting this box means passwords must contain at least one special character such as !, @, #, and $.
- It is recommended that you select Password cannot contain user login name, first name, or last name. This makes passwords more secure by preventing users from creating passwords containing their first, last, or login names.
- Enter a value for the Expires in X days option. Changing passwords on a regular basis increases security. Suggested values are from 30 to 180 days. Entering a value of zero (0) turns this feature off.
- Enter a value for the Expire warning within X days option. Entering a value in this option alerts users when their password is going to expire. Suggested values are from 3 to 10 days. Entering a value of zero (0) turns this feature off.
- Enter a value for the User is locked out after X failed attempts option. Entering a value in this option makes the application more secure by preventing unlimited login attempts by unauthorized personnel. Suggested values are from 3 to 5 attempts. Entering a value of zero (0) turns this feature off.
- Enter a value for the User is locked out after X days of inactivity option. Entering a value in this option makes the application more secure by preventing unlimited access over time. Suggested values depend on how often users expect employees to log into the application; some facilities might lock users out after 7 days of inactivity, while other facilities might lock users out after 30 days of inactivity. Entering a value of zero (0) turns this feature off.
- If you want, you can select Enable user security questions. This lets users answer security questions to give them access to the application if they forget their passwords.
- Click Save Changes to save your changes or Reset to restore the original settings.
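The following sketch models how the settings above combine when a password is chosen and when a user logs in. It is an added illustration, not Staff Manager code: the field and function names, the case-insensitive name matching, and the `>=` boundaries are assumptions.

```python
from dataclasses import dataclass

MAX_LENGTH = 32  # maximum password length stated on the page

@dataclass
class PasswordPolicy:
    # Hypothetical field names; each mirrors one Password Management option.
    # For the numeric options, 0 turns the feature off, as on the page.
    min_length: int = 8
    require_letters: bool = True
    require_numbers: bool = True
    require_special: bool = False
    forbid_names: bool = True
    expires_days: int = 90
    warn_days: int = 7
    max_failed: int = 5
    max_inactive_days: int = 30

def password_violations(policy, password, login, first, last):
    """Return the list of policy rules that a candidate password breaks."""
    problems = []
    if len(password) > MAX_LENGTH:
        problems.append("longer than 32 characters")
    if policy.min_length and len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_letters and not any(c.isalpha() for c in password):
        problems.append("no letter")
    if policy.require_numbers and not any(c.isdigit() for c in password):
        problems.append("no number")
    if policy.require_special and not any(
            not c.isalnum() and not c.isspace() for c in password):
        problems.append("no special character")
    # Assumption: name matching is case-insensitive substring matching.
    if policy.forbid_names and any(
            n and n.lower() in password.lower() for n in (login, first, last)):
        problems.append("contains login, first or last name")
    return problems

def account_status(policy, password_age_days, idle_days, failed_attempts):
    """Apply lockout and expiration in order; '>=' boundaries are assumptions."""
    if policy.max_failed and failed_attempts >= policy.max_failed:
        return "locked: failed attempts"
    if policy.max_inactive_days and idle_days >= policy.max_inactive_days:
        return "locked: inactivity"
    if policy.expires_days and password_age_days >= policy.expires_days:
        return "password expired"
    if (policy.expires_days and policy.warn_days
            and policy.expires_days - password_age_days <= policy.warn_days):
        return "expiry warning"
    return "ok"
```

Setting a numeric option to 0 in the model removes that check entirely, which is why a disabled lockout threshold leaves login attempts unlimited.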
Using the Account Maintenance Page
Depending on the way your organization configured security, users can be locked out of the application due to multiple failed password entries or lack of activity. Administrators can use the Account Maintenance page to unlock user accounts; they can also review detailed information about the locked-out user account.
Unlocking User Accounts
- From the Tools menu, select Account Maintenance. This opens the Account Maintenance page.
- Select the box beside the user account or accounts to be unlocked.
- Click Unlock User Account.
- Click OK to confirm unlocking the selected account or accounts.
Unlocking a user's account also clears their current password. The user has to create a new password the next time they log in.
Reviewing Information on the Account Maintenance Page
The Account Maintenance page provides administrators with the following information concerning locked user accounts.
- Full Name: The user's first and last name (such as SMITH, MARY)
- User Account: The user's login name (such as MSMITH)
- Action Type: Locked Out
- Action Date: The date and time the user's account was locked
- Last Login Date & Time: The date and time of the user's last successful login
- Security Group: The security group the user's account is assigned to. If the user has not been assigned to a security group, this column will read Unassigned Users.
- Home Profile: The user's primary home profile, if the user is mapped to an Employee record in Staff Manager
- Password Exists: This column will read Y if the user had a password or N if the user did not. Unlocking users' accounts will clear any passwords; they will need to create a new password during their next login.
You can sort account information in any column by clicking on the column title. Clicking once sorts the information in ascending order; clicking again sorts it in descending order.