The highlighted information on this page refers to functionality not yet generally available. It is available only in the Preview Sandbox environment.
As a system administrator, you can configure security preferences for your Workfront system. You can configure the following security areas in your system preferences:
- Rules for password and for resetting passwords.
- Access to Workfront from mobile apps and other applications.
- Rules for imbedding Workfront in an iframe.
Changes that you make in the system preferences impact all users in your system, and their experience with Workfront.
We recommend that you configure your system security preferences during the Workfront implementation and only occasionally revisit them afterwards.
To configure your system security preferences:
- Navigate to the Setup area in the Global Navigation Bar.
- Expand System, then click Preferences.
If you are modifying the System Preferences in the Preview environment, you have the following options:
- In the Security section, select any of the following fields to establish the security settings for your organization:
Force users to reset their password every ... days: This establishes the time frame for users to reset their Workfront password. By default, this option is disabled. When you enable it, you can choose between 30, 60, 90, 120, 180 days.
A recognizable dictionary word cannot be used as a password.
Don't allow users to set the same password as any of their previous ... passwords: This field prohibits users from reusing passwords for a set number of resets. By default, this field is disabled. When you enable it, you can set this value to 5, 10, or 15 resets before a password can be reused.
If an incorrect password is entered five consecutive times, lock the account for ... minutes: Select how long a user will be locked out of Workfront after entering an incorrect password five consecutive times. By default, this option is enabled, and the amount of wait time is 10 minutes. You can lock accounts for 10 minutes, 30 minutes, 1 hour, 8 hours, or 24 hours.
Manually resetting the password for the user overrides this default wait value.
Users can reset their own passwords when they are locked out via the login screen. For more information about how they can reset their password, if they forgot it, see "Forgot Password during Login."
Passwords must contain at least ... different types of characters: This determines how strong user passwords are required to be by allowing you to select the number of different types of characters required in your passwords. By default, Workfront requires that at least 2 of the following are present in passwords: uppercase characters, lowercase characters, numbers, and symbols. You can also require 3 of these characters to be present for a valid password.
Allow embedding of Workfront in an iframe: This option allows you to embed Workfront in an iframe. Displaying a web-based application like Workfront in an iframe makes Workfront susceptible to a Clickjacking security breach. This option is disabled by default.
Allow SAML 2.0 authentication in Office 365 add-ins: This option allows you to embed Workfront in an iframe only for Office 365 add-ins, when Workfront is integrated with a SAML 2.0 single sign-on solution. This option is enabled by default.
NOTE If you enable Allow embedding of Workfront in an iframe, the Allow SAML 2.0 authentication in Office 365 add-ins is grayed out and enabled.
Let people use Workfront's mobile applications and the Workfront Outlook Add-In: This allows users to access the mobile apps (Workfront View for iPad, and mobile phone apps), as well as the Workfront Outlook app. By default, this option is enabled.
For more information on Workfront View, see "Workfront View." For more information about the mobile apps, see "Workfront Mobile App." For more information about the Outlook plugin, see "Setting up the Workfront Outlook Add-in."
Collaborate with people without Workfront accounts by using email addresses: This allows Workfront users to share certain items with people without a Workfront account by including their email address instead of their name. The following items can be shared with an external user by using their email address:
- Document request
- Document approval
By default, this option is enabled.
Require external users to register with a password: If enabled, this option requires external users to register before they are able to view items in Workfront. By default, this option is disabled. When you enable this option, people without a Workfront account who are included in certain updates by their email address, will be prompted to create an account before they can view the item they are included on. This creates an External User account for them.
Automatically log users out after ...: This allows you to specify when a user is logged out of Workfront, after a period of inactivity. By default, users are logged out after 8 hours of inactivity. You can choose from the following settings:
- 15 minutes.
- 30 minutes.
- 1 hour.
- 8 hours (this is the default).
- 24 hours.
- 7 days.
This option also affects Workfront customers who are using a single sign-on solution.
Give Selected users or All users early access to features before they are released to the public: This is a deprecated feature that used to enable either selected users, or all users in Workfront to experience the features that are first released to Early Access. By default, this option is enabled, and only the system administrator is selected to view the early features.
For more information about Early Access, see "Understanding Early Access."
NOTE Selecting users for Early Access is a deprecated feature and has currently been removed from the Preview environment.
- Click Save.
The changes that you saved here affect the experience of all the users in Workfront and anyone who interacts with them as an external user.
The part about the Early access which is still open in production for now must be completely removed from this article in November, when R3 production releases.
Keep this on this article always:
**DON'T DELETE, DRAFT OR HIDE THIS ARTICLE. IT IS LINKED TO THE PRODUCT, THROUGH THE CONTEXT SENSITIVE HELP LINKS. **