Configuring Security Policies
Workbooks provides several ways for users to authenticate when they sign in. Security Policies define which methods are allowed in your account, and configure specific aspects of each method where appropriate.
Password login
The default authentication mechanism in Workbooks is via a password. If you prefer, you can refine these requirements to suit your security needs by clicking on Password Policy, including how frequently Users passwords expire and whether or not passwords can be reused and whether you want users to have the option to click Forgotten Password on their login screen.
By default a Workbooks password must:
- be 8 or more characters in length.
- use both upper and lower case alpha characters.
- include at least one number and one special character (such as @ or #).
We recommend using a form of multi-factor authentication, and we integrate best with Microsoft.
Google login
Authentication via Google reduces the need for users to enter their password. When they first login via Google they will be prompted for their Workbooks login name (email address) and password, to associate their Google identity with their Workbooks user. From then on they can sign in to Workbooks with just one click on the ‘Login using your Google account’ button.
Note: if Password login is disabled, users can still login via Google but they will need to know their password to be able to associate their Google identity with their account the first time.
Microsoft login
If your organisation subscribes to Microsoft’s Azure Active Directory service, then you can configure Workbooks to allow logins via Microsoft Login. You may already have an Azure Active Directory tenancy via another Microsoft service such as Office 365.
If your organisation does not use any Microsoft Azure services, but does have on-premises Microsoft Active Directory then you can also subscribe to Microsoft Azure Active Directory and configure Azure Active Directory Connect to synchronise identities between Active Directory and Azure.
Granting Workbooks permission to act on behalf of your users in Azure will enable them to login without ever being prompted for a password. In fact, this is the most secure authentication mechanism, and we would recommend that you disable Password and Google authentication in Workbooks so that there is no reliance on passwords.
The benefits of Workbooks integration with Microsoft Azure Active Directory include:
- being able to disable users centrally, thus removing their access from Workbooks and any other services.
- being able to create users in Azure Active Directory, and for those users to be able sign into Workbooks immediately. Their Workbooks user account can be provisioned automatically from User Templates as they sign in. See ‘Configuring Microsoft Azure Active Directory integration‘ for details.
Additional sign-in security(Login Protection)
When a device is first used to sign into Workbooks from an IP address that the user has not used recently, Workbooks can email a link to the user. The user must click on the link to confirm that they are using the device, to permit the login to proceed.
Login Protection can be used with any of the other authentication mechanisms, and it adds another authentication factor by confirming that the user has access to their email account as well as being able to authenticate. We recommend that it is enabled.
Inactivity timeout
This section gives you the option to decide how long the system waits before signing a user out of Workbooks to ensure that if someone leaves their desk, their account won’t be used by another person. The Inactivity timeout picklist gives you options from 5 minutes all the way to 24 hours.
You can also decide how long the system is inactive before locking the screen. This won’t sign the user out, maintaining anything that they are currently working on in Workbooks, however they will need to sign back into Workbooks using their user account password.
NOTE: This option only affects accounts with Password Policies. It does not affect accounts that are configured to use multi-factor authentication (eg. Microsoft, Google)
Per-user controls
The Security Policies define the account-level controls for how users authenticate themselves to Workbooks. For finer-grained control, you can also enable and disable these policies on each User record.