Secure the Management Console
Use this function to prevent unauthorized access to the Management Console and devices.
Configure the Local Password Policy
For security purposes, it’s good practice to set an expiry date on the Management Console login passwords. You can also configure the following settings:
- Lock the account when an incorrect password has been entered several times.
- Increase the minimum number of characters in a password.
- Require the use of uppercase letters and numbers in the password.
Configure the password policy in Update the Local Password Policy.
Please note the local password policy only applies to local administrators created in Local Admin User Accounts.
For external users, the policy configured by the external authentication providers (LDAP/Kerberos/OIDC) is used.
Enable Account Lockout
You can specify the number of times a user can enter an incorrect password when logging in on the operation screen of the device. When you exceed the specified number of retry times, the account is locked, and you cannot log in to the device.
You can also specify the period to wait before the account is unlocked and can be used for login again.
Click [System] → [Server Settings] → [Delegation Server Settings]. Configure [Threshold] and [Lockout Duration].
For details about the setting items, refer to Delegation Server Settings.
The LDAP server's lockout policy applies to the externally identified users.
Disable Local Authentication
You can specify whether or not to prohibit the creation of local users. By centralizing the management privileges of user information to an external authentication server, you can prevent changes to information that were unintended by the system administrator.
To disable local authentication, change the [Enable Local Authentication] setting in [System] → [Server Settings] → [User Management and Accounting Settings].
For details about the setting items, refer to User Management and Accounting Settings
For details about local users, refer to Create User Accounts.
