MicroStrategy ONE

Edit Password and Authentication Settings

You can view and edit server-level security settings for passwords and authentication.

The ability to view or edit certain settings is determined by a user's privileges. All necessary privileges are included in the Administrator role by default. You must belong to the System Administrators group to use this feature.

  1. Open the Workstation window.
  2. In the Navigation pane, click Environments.
  3. Right-click a connected environment and choose Properties.

    Choose Get Info if you are using a Mac.

  4. In the left pane, click Security Settings.

Fields

Password Settings

Security Level Security Level includes the following password settings. It provides four sets of predefined setting values for the administrator to use. These are Default, Low, Medium, and High. Select Customize from the drop-down list to view the following settings for a customized configuration.

  • Lock after (failed attempts) Specify the number of failed login attempts allowed. Once a user has this many failed login attempts in a row, the user is locked out of the MicroStrategy account until an administrator unlocks the account. Setting this value to No Limit indicates that users are never locked out of their accounts. The default setting is No Limit.
  • Allow lockout duration (Minutes)Set a the amount of time in minutes to lock an account after a user fails to log in a certain number of times, as specified in Lock after (failed attempts). The minimum value is 15. The maximum value is 525960. The default value is No Limit and indicates there is no time limit to account lockout.

  • Allow user login and full name in password When this option is disabled, Intelligence Server ensures that new passwords do not contain the user's login or part of the user's name. This option is enabled by default.
  • Allow rotating characters from last password When this option is disabled, Intelligence Server prevents users from using a password that is a backwards version of the old password. This option is enabled by default.
  • Minimum password length The minimum password length. The minimum value is 0. The maximum value is 999. The default value is 0.
  • Minimum upper case characters in password The minimum number of upper case (A-Z) characters that mist be present in users' passwords. The default value is 0.
  • Minimum lower case characters in password The minimum number of lower case (a-z) characters that must be present in users' passwords. The default value is 0.
  • Minimum numeric characters in password The minimum number of numeric (0-9) characters that must be present in users' passwords. The default value is 0.
  • Minimum special characters in password The minimum number of non-alphanumeric (symbol) characters that must be present in users' passwords. The default value is 0.
  • Minimum number of character changes in password The minimum number of character changes. The minimum value is 0. The maximum value is 999. The default value is 3.
  • Number of past passwords remembered The number of each user's previous passwords that Intelligence Server stores. Intelligence Server prevents users from using a password that is identical to one they have previously used. The minimum value is 0. The maximum value is 999. The default value is 0.
  • Hash iterations for password encryption Select the number of iterations that a password is hashed. This provides even greater security on top of the algorithm by iteratively hashing the hash a configurable number of times. The minimum value is 1000. The maximum value is 1000000. The default value is 10000.

Authentication Settings

Update pass-through credentials on successful login Select to update or disable updating the user's database credentials, LDAP credentials, on a successful MicroStrategy login.

Use public/private key to sign/verify authentication token Enable this toggle button to use a public or private key to sign or verify a token. This requires the setup of a public or private key. This option is disabled by default.

Token Lifetime (Minutes) The lifetime, in minutes, of the token. The minimum value is 1. The maximum value is 99999. The default value is 1440.

Content Settings

Enable custom HTML and JavaScript content in dashboards Enabling this option allows users with the appropriate access to display third-party Web applications or custom HTML and JavaScript directly in the dashboard. This option is enabled by default. Although the ability to display Web applications or custom HTML and JavaScript directly in a dashboard is governed by user privileges, MicroStrategy recommends disabling these features to ensure a secure environment.

Allow URLs for Export

Administrators can specify which URLs or URL paths are permitted when fetching content to be included in an export. This concept, where only certain URLs are permitted, is largely referred to as whitelisting.

If the URL is permitted by any of the specified URLs in the whitelist, then the information is retrieved. The wildcard character (*) is allowed in the whitelist as part of the URL. This allows you to have one URL in the whitelist that encompasses many target URLs.

Certain URLs typically used by the MicroStrategy product are included by default. This includes the default locations for maps, images, visualizations, and so on. When adding your own URLs, take the following information into consideration:

Relative paths are case sensitive.

  • Include URLs external to your own domain where you know content is required.

  • Avoid specifying the URL of the local machine where the MicroStrategy product is running.

  • If you must use the local MicroStrategy server machine to host content, specify the exact location on the machine for the content.

    For example, if you want to place an image in a particular location on the MicroStrategy server, use the URL https://my_machine/images so only the images folder can be accessed.

  • A relative path, such as ./images/, can be specified. This specifically accesses a resource in the Intelligence Server installation folder, < Install_Path>/images.