Account Security

Cloud CMS lets you configure account security to protect against intrusion, password hacks and denial of service attacks.  Many of these provisions are enabled by default but as an administrator of your platform, you are able to adjust these to implement the security policy you require.

Session Timeout

By default, when users authenticate to Cloud CMS, they are provided with an access token that is valid for 24 hours.  They are also given a refresh token.  After 24 hours, the access token expires and the end user will need to log in again.  API authentication will similarly expire after 24 hours at which point the refresh token can be exchanged to acquire a new access token.

As such, the default "session" timeout is 24 hours.  Cloud CMS provides configuration options to change this to:

  • unlimited - the session never times out
  • when the browser closes end the session
  • after 1 hour of inactivity
  • after 3 hours of inactivity
  • after 6 hours of inactivity
  • after 24 hours of inactivity

To edit these settings, log into Cloud CMS and go to the Settings page on the left-hand side.

Login Failures

You can limit the number of login failures and also prescribe a set amount of time that must expire before further login attempts are allowed once the limit has been reached.  By default, 3 login failures are allowed.  Once 3 login failures have occurred, Cloud CMS will block further login attempts for 15 minutes.

To edit these settings, log into Cloud CMS and go to the Settings page on the left-hand side.