Skip to content

Security Setting⚓︎

1 Authentication Security⚓︎

  • Click Authentication Security button at top of the page,then enter the page of authentication security.
  • The Authentication Security page primarily configures the authentication security settings for JumpServer users. This includes settings such as Multi-Factor Authentication (MFA) and notifications for user logins from remote locations.

security01

  • Detailed Parameter Description:
Parameter Description
Enable authentication code of login Enable authenticaton code to prevent for Bot login
Enable additional factor for login authentication Send the password and additional code together to a third-party authentication system for verification, for example, some third-party authentication systems require a combination of password and 6-digit code for authentication
Automatic disable for inactive users (Days) Check once a day, and automatically disable inactive users who exceed the predefined inactive period
Remote login notification Based on the login IP, determine if it belongs to the user's usual login city. If not, send a remote login notification email to the user's email address
Enable MFA authenticaton in global setting You can configure MFA to be disabled、 enabled for all users、 or enabled only for administrators
Enable Multi-Factor Authentication (MFA) for Third-Party Authentication Support MFA authentication for users using OIDC, CAS, and SAML2 authentication methods
Expired setting of user password Users are required to update their passwords mandatory every how many days;
If users do not update their passwords within this period, their passwords will expire and become invalid;
Password expiration reminder emails will be automatically sent to users by the system every day during the 5 days before their password expires
MFA Verification Validity Period View the MFA validity period for account password verification during MFA authentication
Login Restrictions Configuration of User Login Policy
Password Strength Rules Configuration of User Password Strength Rules

2 Login Restrictions⚓︎

  • Click on Lonin Restrictions button at top of the page,then enter the page of Login Restriction.
  • The login restrictions page contains a series of settings for user login the JumpServer.

security02

  • Detailed Parameter Description:
Parameter Description
Limit the number of login failures for users Users can make a maximum number of failed login attempts before being locked out for a period of time
Disable User Login Interval (Minutes) After the user reaches the limit of failed login attempts, login attempting is disabled during this interval
Limit the number of login attempts per IP After reaches the limit of failed login attempts with same IP, login attempting is disable during this interval
Prohibit IP login interval (minutes) When the number of failed login attempts reaches the limitition, login is prohibited within this interval
White list of login IP Allowed those IP addresses to login JumpServer
Black list of login IP Not allowd those IP address to login JumpServer
Allow only one device to login 用Automatic logout of other devices once a user logs in on a new device
Allow only existing users to login If enabled, non-existent users will not be allowed to log in;
If disabled, users from authentication methods other than local authentication will be allowed to log in and will be automatically created if they do not exist
Allow login only from the specified user source If enabled, users will only be authenticated against the specified user source when loggin;
If disabled, users will be authenticated against all enabled authentication methods in a specified order when logging in. Once one authentication method is successful, the user can log in directly

3 Password Security⚓︎

  • Click on Password Security button,then enter the page of password security setting.
  • The Password Security page is a series of settings for user password rules.

security03

  • Detailed Parameter Description:
Parameter Description
User Password Expiry Period (Day) If users do not update their password within this period, their password will expire and become invalid;
Password expiration reminder emails will be automatically sent to users by the system every day during the 5 days before their password expires
Cannot use recent passwords when setting a new password When resetting a password, users cannot reuse their previous passwords from a specified times
Minimum Password Length Setting minimum password length for users
Minimum Password Length of Administrator Setting minimum password length for administrator
Must Include Uppercase Characters Passwords must contain uppercase characters
Must Include Lowercase Characters Passwords must contain Lowcase characters
Must Include Number Passwords must contain numbers
Must Include Special Characters Password Must contain special characters,e.g #$@% etc..

4 Session Security⚓︎

  • Click on Session Security button, then enter page of session security.
  • The Session Security page contains a series of settings for sessions.

security04

  • Detailed Parameter Description:
Parameter Description
Maximum Idle Connection Time (minutes) Assets will be automatically disconnected when the idle time reaches this configuration
Maximum Connection Time Assets will be automatically disconnected when the session time reaches this configuration
Enable Watermark After enable Watermark,Web session and video recording will include watermark
Session sharing Enabling session sharing will allow users to share connected asset sessions with others for collaborative work