Settings

Security

Instance-level security policy — sessions, lockout, password history and expiration.

What you see

The Security page (entry Settings → Security in the sidebar) groups the instance security policy into four blocks. The audience is the System Administrator role; Operators do not see this page.

Each block carries an enable toggle + a numeric input. The platform enforces the configured rules at user creation, password update and sign-in time.

BlockWhat it controlsRange
Session timeoutMaximum inactivity time before the session expires. A separate checkbox (Allow inactivity in On air view) lets you keep the On air endpoint alive even when the operator is not interacting.15–60 minutes
Account lockout policyConsecutive failed sign-ins before the account is locked. The lock surfaces as SECf017 and only a System Administrator can unlock.3–10 attempts
Password history enforcementDepth of the recent-password history. The policy rejects reuse within that window with SECf019.3–10 entries
Password expiration policyWindow after which a password must be rotated.1–999 days

How it is updated through the API

The page persists the settings via:

ActionAPI operation
Read the current policygetSecurityPreferences
Update the policyupdateSecurityPreferences

CRUD requires the System Administrator role. See API → Authentication for the bearer-token lifecycle used by callers.

  • Users — the account catalogue and how the password policy is enforced.
  • Licenses — the licence model and how a license file is uploaded.

FAQ

Copyright © 2026