POST /system/authorization/settings

Updates the Authentication Settings.

Updates the Authentication Settings. Changes to these values take effect immediately, but are not retroactive. For example, a change to the inactivity_timeout setting will not change the inactivity timeout for currently logged in users.

When setting the account_lockout and host_lockout fields simultaneously, consider how they will operate. e.g. if the account based lockout configuration is less restrictive than the host based lockout configuration, a single host will be able to attempt to log in with multiple accounts before the IP address of the caller is locked out. Also, if users of the system are behind a proxy, consider disabling the host based lockout and enabling the account based lockout.

Table 1. POST /system/authorization/settings resource details
MIME Type
application/json

Table 2. POST /system/authorization/settings request parameter details
Parameter	Type	Optionality	Data Type	MIME Type	Description
fields	header	Optional	String	text/plain	Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. POST /system/authorization/settings request body details
Parameter	Data Type	MIME Type	Description	Sample
body	Object	application/json	The new Authentication Settings.	{ "account_lockout": { "attempt_window": 42, "duration": 42, "maximum_failures": 42 }, "allow_logon_page_password_autocomplete": true, "concurrent_session_limit": 42, "display_login_history_after_login": "String <one of: ALWAYS, NEVER>", "host_lockout": { "attempt_window": 42, "duration": 42, "maximum_failures": 42 }, "inactivity_timeout": 42, "ip_whitelist": [ "String" ], "login_history_retention": 42, "logon_message": "String", "persistent_session_timeout": 42, "require_logon_message_acceptance": true }

Table 4. POST /system/authorization/settings response codes
HTTP Response Code	Unique Code	Description
200		The settings were updated.
422	56201001	The value in the inactivity_timeout field must be a positive integer
422	56201002	The value in the persistent_session_timeout field must be a positive integer
422	56201003	The value in the concurrent_session_limit field must be a positive integer
422	56201004	The value in the host_lockout.maximum_failures field must be a positive integer
422	56201005	The value in the host_lockout.attempt_window field must be a positive integer
422	56201006	The value in the host_lockout.duration field must be a positive integer
422	56201007	The host_lockout settings was partially set. All settings must be enabled or disabled, but a field was null
422	56201008	The value in the account_lockout.maximum_failures field must be a positive integer
422	56201009	The value in the account_lockout.attempt_window field must be a positive integer
422	56201010	The value in the account_lockout.duration field must be a positive integer
422	56201011	The account_lockout settings was partially set. All settings must be enabled or disabled, but a field was null
422	56201012	The value in the login_history_retention field must be a positive integer
422	56201013	The values in the ip_whitelist field could not all be parsed as IP addresses
422	56201014	The logon_message field cannot be an empty string
422	56201015	The require_logon_message_acceptance field must be set if the logon_message field is set

Response Description

Returns updated the settings.

inactivity_timeout - Long - The length of time, in milliseconds, of inactivity before the UI will log out a user. This value is truncated to minutes.
persistent_session_timeout - Long - The length of time, in milliseconds, that a user session is persisted. This value is truncated to minutes.
concurrent_session_limit - Long - The number of times a single user can be logged in simultaneously.
ip_whitelist - Array<String> - The list of IPv4 or IPv6 addresses that are exempt from being locked out of the system.
host_lockout - Object - The host_lockout represents specific lockout settings for failed login attempts from a single source. If multiple failed login attempts from a single host are detected, that host will not be allowed to make additional login attempts for a period of time. To disable the host_lockout, set this field to null.
- host_lockout.maximum_failures - Long - The maximum number of failed login attempts during the attempt_window.
- host_lockout.attempt_window - Long - The length of time, in milliseconds, during which a maximum number of login failures can occur before the system is locked. This value is truncated to minutes.
- host_lockout.duration - Long - The length of time, in milliseconds, that the system is locked if the maximum login failures value is exceeded. This value is truncated to minutes.
account_lockout - Object - The account_lockout represents specific lockout settings for failed login attempts for a single account. If multiple failed login attempts for a single account are detected, that account will not be allowed to make additional login attempts for a period of time. To disable the account_lockout, set this field to null.
- account_lockout.maximum_failures - Long - The maximum number of failed login attempts during the attempt_window.
- account_lockout.attempt_window - Long - The length of time, in milliseconds, during which a maximum number of login failures can occur before the system is locked. This value is truncated to minutes.
- account_lockout.duration - Long - The length of time, in milliseconds, that the system is locked if the maximum login failures value is exceeded. This value is truncated to minutes.
logon_message - String - The message that will appear on the logon page. If this field is unset (null) then require_logon_message_acceptance is set to false.
require_logon_message_acceptance - Boolean - Set this option to require a user to "accept" the message on the logon page before being allowed to authenticate. This field is ignored if logon_message is not set.
allow_logon_page_password_autocomplete - Boolean - Select this option to enable the browser autocomplete option for the logon page password field. Disabling this option might not prevent some password managers from autocompleting the password field.
display_login_history_after_login - Enumeration: <ALWAYS|NEVER> - Set this option to have a Login History interstitial pop up after login. Values are:
- ALWAYS - Always show the Login History interstitial
- NEVER - Never show the Login History interstitial
login_history_retention - Long - The length of time, in milliseconds, that the Login History is retained. This value is truncated to days.

Response Sample


{
    "account_lockout": {
        "attempt_window": 42,
        "duration": 42,
        "maximum_failures": 42
    },
    "allow_logon_page_password_autocomplete": true,
    "concurrent_session_limit": 42,
    "display_login_history_after_login": "String <one of: ALWAYS, NEVER>",
    "host_lockout": {
        "attempt_window": 42,
        "duration": 42,
        "maximum_failures": 42
    },
    "inactivity_timeout": 42,
    "ip_whitelist": [
        "String"
    ],
    "login_history_retention": 42,
    "logon_message": "String",
    "persistent_session_timeout": 42,
    "require_logon_message_acceptance": true
}