To enable any of the following options, contact our Support team by submitting a new request at the bottom of this page, and we'll be glad to assist you in adding any of the below features.
Trusted and Restricted IP Addresses
You can provide Granicus with a list of known IP addresses you trust. We will store these IP addresses in your account and you can use this list in one of two ways:
- IP Address Restriction: You can limit administrator access to your Communications Cloud account to only the IP addresses and NetMask ranges in your trusted list. Using this feature ensures that all administrator logins are coming from a safe location identified by your agency. When an administrator attempts to access your account from an unknown IP address, the administrator will be denied access to Communications Cloud, and will see the following error message:
- IP Address Monitoring: Instead of restricting IP addresses for login, you can monitor login activity from IP addresses outside of your trusted locations. On the Administrator Login History Report, you can see the IP address for each login attempt, and a note as to whether the attempt was from one of your trusted IP addresses.
Password Auto Expire
This feature allows you to require administrators within your organization to change their password at a regular interval. Granicus recommends that administrators change their password every 60 to 90 days, but you can select exactly how often you want your administrators to change their Communications Cloud password using this feature.
Communications Cloud will automatically notify administrators 10 days prior to when their passwords expire, reminding them to change their password before then. Administrators will receive a reminder email each day for 10 days unless they change their password. The email reminder administrators receive will include the email address of the account for which the password requires resetting.
Once the password expires, Communications Cloud will not send additional reminders, but the administrator will not be able to login to Communications Cloud without resetting their password first. Password expiration requirements apply to both Communications Cloud administrations that log in through the user interface and Web Services users.
A standard security feature Granicus employs, are password strength requirements. Administrator passwords must be at least eight characters long and contain three of the following character types:
- Upper case letters
- Lower case letters
Passwords that do not meet these requirements cannot be saved, and the administrator will be prompted to enter a different valid password, if the password they entered does not meet the above requirements.
Some organizations require an even higher degree of security and password complexity than the above standard password requirements. If you would like to require administrators in your organization to have have more secure passwords, Communications Cloud can require new administrators and administrators that are resetting their passwords to have complex passwords. Requirements for complex passwords are as follows:
- At least 12 characters in length
- Include both upper and lower case letters
- Include at least one number
- Include at least one special character/symbol
Complex passwords comply with FedRAMP requirements. For more information, please review the FedRAMP Moderate Baseline documentation which outlines requirements, including complex password, here: https://www.fedramp.gov/assets/resources/templates/FedRAMP-SSP-Moderate-Baseline-Template.docx
Your organization also has the option to temporarily lock administrators out of Communications Cloud after a predetermined number of failed login attempts in a set amount of time. By default, an administrator's account is locked for 30 minutes after three unsuccessful login attempts from the same user ID and IP address within 5 minutes. You can also customize the number of login attempts and the time frame for locking an account (for example, ten login attempts within 60 minutes).
Once an account is locked, Communications Cloud will not send any communication to the administrator. To unlock the account, the administrator must either:
- Wait 30 minutes and attempt to re-login.
- Reset their password via the link on the login page.
Administrators do not have to wait 30 minutes to reset their password.
Inactivity Log Out
Administrators are automatically logged out if they have been inactive for 60 minutes, in order to prevent an unattended Communications Cloud session being accessed by an unintended user.
Viewing Login Attempts for Administrators
To keep track of when and where your account is being accessed, your organization also has the ability to view the login attempts for all administrators within your account. To view a report of login attempts for all administrators in your account:
- On the menu on the left side of your screen, click on Administrators.
- In the upper-right corner, click Administrator Login History.
The report details the administrator's email address, whether the login was successful or failed, the date and time of the login attempt, the IP address, the administrator's browser and browser version number, and their computer's operating system. The report also indicates whether the attempt from a trusted IP address, if you have provided a list of trusted IP addresses for your account to Granicus.