With the 23.2.1 release of the AutoPlay system, we have enabled for specific password policies to be enabled at either a Dealership level, or a Dealer Group level.
Different users within the AutoPlay system have varying levels of access to their customers personal information, so policies can be set differently for Sales Team members, Managers or National level visibility. Applying a password policy will force a user to update their password after X amount of days, this will ensure that they are less likely to be compromised and allow malicious software or people access to the Personally Identifiable Information.
Provisioning
Access to these settings is restricted to an AutoPlay Employee user only, so please speak with your account manager if you would like these to be applied on your account or Dealer Group.
Admin > Studio Admin > Password Policies
- Select the Account or group to allow the Policy to be active on
- Group - Dealer Group setting
- Client - Specific AutoPlay Account
- Name - Give the setting a name that will be visible for Selection
- Active - Select if this setting should be currently active
- Active From - Select a data here if you would like for this setting to apply at a future time
- Password Policy Settings
- Minimum Length - Select the Minimum password characters
- Maximum Length - Set at a maximum of 64 characters
- Upper Case - Does the Password require an upper case character
- Lower Case - Does the Password require a lower case character
- Number Special Character - Does the Password require a special character character
- Password Expiry - how many days will a password be active for
- Password Re-Use - setting to no allow the same password to be set for x amount of resets
- Authentication Type - if there is a password policy active on an account, this will take over the My Company setting for Authentication
- Inactive User Policy - will remove a users access if they have not logged in within a specified time frame
- Inactive Threshold - after how long will a user be deactivation if they have not logged in
- Inactive Login Warning - when will AutoPlay start warning a user that they have not logged in and will be deactivated
As of 23.6.1 Release there is now also functionality to be able to have Trusted Authentication applied to an account. This will remove a users requirement to use an Authentication App or SMS, but still prompt for password on sign in. Trusted authentication can be set at 0, 7, 14 or 30 days.
Application
There is now a new drop down option available in the Company Details section of an AutoPlay account
Settings > Company Settings > My Company
Users that have access to this section (AutoPlay users or a user within an account with Company Admin access privilege's), will be able to select any option that had been provisioned and is available to their account.
User Policies
Individual users are able to have a policy applied to them
Settings > Company Settings > My Users > User > Account preferences
- A dropdown to choose between the Account Dealer setting, or ability to choose a different setting available to the account
- This tick box will for the user to change a password when they next log in. It will automatically be applied to a user if there is a 'Active From' date set on the policy.
Account Wide Update
There may be a scenario where an account would require all users to reset their passwords on their next authentication, this can be done from within the My Company menu extension