Who can complete this task?
Vault Admin designated as Domain Admin
Password security policy settings control password requirements, expiration period, reuse policy, account lockout policy, and delegated authentication via salesforce.com.
See Set Up Single Sign-On for information on SSO security policies.
Important
Security policies apply across all Vaults in a multi-Vault domain.
Create Password Security Policy
To create a password security policy:
- Navigate to Admin > Settings > Security Policies and click Create.
- Select Password as the authentication type. Make selections for the password policy.
- Password Requirements: Set the checkboxes to indicate which characters users must include in their passwords: number, upper-case letter, non-alphanumeric character (symbol).
- Minimum Password Length: Select the minimum number of characters that users must include in their passwords.
- Password Expiration: Choose how often user passwords should expire. When a user’s password expires, Vault prompts the user to create a new password.
- Password History Reuse: Choose whether Vault should prevent a user from reusing the same password, and whether to store the past three or five passwords.
- Password Reset Daily Limit: Choose whether daily password resets for a given user should be unlimited or restricted to a specific number of resets within a 24-hour period.
- Account Lockout Duration: The account is locked after 5 consecutive unsuccessful password entries. Select how long the account should remain locked. Select permanent to keep the account locked until the password is successfully reset.
- Require security question on password reset: Set the checkbox to require that users create a security question and answer the question when resetting their passwords. After enabling this setting, Vault will prompt all users to create the security question the next time they log in. Answers are not case-sensitive.
- Allow browsers to save and autofill password field on the login form: When this setting is on, users can choose to save passwords to a password manager or to their browser. When the setting is off, Vault prevents this.
- Allow device-enforced access: Enable this setting to allow users to use their device authentication (biometrics or passcode) to refresh their Vault authentication in the mobile app up to the configured duration (4 weeks by default). After that duration has passed, users are required to manually re-enter their credentials to re-authenticate. This setting is only available for Password security policies or SSO security policies that do not have an associated OAuth profile with vaultmobile in the Client Application mapping table because OAuth configurations can leverage the IDP’s refresh token. It is best practice when inactivating a user’s IDP access to also immediately inactivate their Vault access to prevent any extended access from their browser or mobile app sessions.
- Allow login via salesforce.com: Select the checkbox to allow users who are logged into Salesforce.com or Veeva CRM to access Vault without logging in again. When this checkbox is selected, you must specify your company’s salesforce.com Organization ID.
- Click Save.
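The following Python model is an added illustration, not Vault code and not Vault's implementation. It shows how the Account Lockout Duration and Password History Reuse settings described above behave together. The Account class, its parameter names, the 30-minute default, the PBKDF2 storage, and the choice to count the current password as one of the stored three or five are all assumptions made for the example.

```python
import hashlib, hmac, os
from collections import deque
from datetime import timedelta

LOCKOUT_THRESHOLD = 5  # from the page: locked after 5 consecutive failures

class Account:
    def __init__(self, password, history_depth=3, lockout=timedelta(minutes=30)):
        # history_depth: 3 or 5 (0 = reuse allowed); lockout=None models "permanent"
        self.history = deque(maxlen=max(history_depth, 1))  # newest entry is current
        self.check_history = history_depth > 0
        self.lockout, self.failures, self.locked_at = lockout, 0, None
        self._store(password)

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _store(self, password):
        salt = os.urandom(16)  # per-entry salt; only salted digests are kept
        self.history.append((salt, self._digest(password, salt)))

    def _matches(self, password, entry):
        return hmac.compare_digest(self._digest(password, entry[0]), entry[1])

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        if self.lockout is not None and now - self.locked_at >= self.lockout:
            self.locked_at, self.failures = None, 0  # timed lockout has elapsed
            return False
        return True  # still inside the window, or permanent

    def login(self, password, now):
        if self.is_locked(now):
            return "locked"  # rejected without evaluating the password
        if self._matches(password, self.history[-1]):
            self.failures = 0  # a success ends the run of consecutive failures
            return "ok"
        self.failures += 1
        if self.failures >= LOCKOUT_THRESHOLD:
            self.locked_at = now
            return "locked"
        return "denied"

    def reset_password(self, new_password):
        if self.check_history and any(self._matches(new_password, e) for e in self.history):
            return "rejected: reused"
        self._store(new_password)  # oldest stored entry falls out of the history
        self.failures, self.locked_at = 0, None  # a successful reset clears the lockout
        return "ok"
```

With lockout=None, the correct password is refused for as long as the account stays locked, so the reset path is the only way back in. That is why the lockout duration and the Password Reset Daily Limit should be chosen together.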
Inactivate a Security Policy
- Navigate to Admin > Settings > Security Policies and open the security policy you want to inactivate.
- Click Edit.
- Change the Status to Inactive.
- Click Save.
Delete a Security Policy
- Navigate to Admin > Settings > Security Policies and open the security policy you want to delete.
- Select Delete from the All Actions menu.
- Click Continue to confirm.