Only users that are assigned an admin profile can access this Security page. This functionality allows the site administrator to configure the advanced security rules for the qTest Manager instance. These configurations are optional and can be disabled at any time.
From the Site Administration page, click on the SECURITY tab to access the Site Administration-Security page.
Account Login Management
The first checkbox is used to enable/disable the rule setup regarding password updates. Once this check-box is checked, the three subsequent options MUST NOT be empty:
- First option: specify the number of days after the date the current password was set, in which users are notified to change a password.
- Second option: determines the number of days since the date the current password was set, in which accounts with unchanged passwords are deactivated. For example, if the first field's value is 75 and the second field's value is 95, after 75 days since users set their current password, the system will send notifications to users to request password updates for the next 15 days until the password is changed. After 15 days of pending, if the password is still not updated, the associated account will be deactivated. The second value MUST be greater than the first value, otherwise, a red notification will be displayed.
- Third option: Dictates the number of distinct consecutive passwords users can possess. For example, if the third option's value is 8, the first eight passwords users set for their accounts MUST be different from each other but the ninth password can be identical to any of the first eight passwords. The subsequent cycles of eight distinct consecutive passwords continue in the same manner.
The second checkbox is used to enable/disable the rule setup with respect to valid login attempts. Once this checkbox is checked, the associated text field MUST NOT be empty and greater than 0.
The value of this option defines the number of valid login attempts with invalid passwords. For example, if this value is 5, it means that after five consecutive login attempts with invalid passwords, the user's account will be deactivated.
Upon the security rule being set, when the accounts are deactivated only the Site Admin has the authority to re-activate those accounts. After inputting all necessary values, the Site Admin should click the Save button to make them active.
qTest Manager tracks some key events for security purposes. You can export the audit logs to csv following these steps.
- Select the date range of the tracked events included in the exported file.
- qTest Manager starts tracking the event from the release of 8.4.6 (May 24th). Before that, there are no audited data, and this is why you can only export data from May 24th and afterward.
- Audit logs are retained for up to one year.
- Select which event types are included in the exported file.
- Click the Export button to download the csv file.
Mail Recipients Management
The Site Admin can manage which external emails qTest Manager are able to send to, using a semicolon (;) to separate them. External emails are not associated with any active qTest Manager users. qTest Manager notification emails, user invitation emails, and other emails which are sent to qTest Manager users are not blocked.