The Manager application offers the ability to define access and security preferences to make it easier and safer to manage the access and security of the users.

To access the preferences, click Access and Security under Manager application.

1 My Password Policy
- 1.1 Password Policy Requirements
2 Session Timeout
3 Disable Inactive Users
4 Blacklist Removal
5 Permitted Login Hours
6 Allowed IPs

My Password Policy

Reset All Passwords

Using the "Reset all Passwords" tool, resets the passwords for all users in the organization and prevents them from accessing the various Galooli platforms until they undergo the identification and password change process.

The user must have "Full" level permissions in the Access & Security category in order to be able to click the “Reset All Password” button.

In the case of a global user, the system will reset all passwords for all organizations to which the user has access.

Password Policy Requirements

The password policy defines the rules for setting user passwords.

The rules are as follows:

Enable password expiration in X days - This sets the maximum amount of days required for password refresh. Once the user exceeds the number of days, they will be forced to select a new password to access the system. The default is set to 180 days (6 months) which is the maximum period.
Enforce minimum password length - The default is set to 8, but this can be made shorter or longer
Require at least one uppercase letter - Default active
Require at least one lowercase letter - Default active
Require at least one number - Default active
Require at least one non-alphabetic character - Default active

Session Timeout

A session timeout feature of the system allows you to specify a time before non-active users should log out of the system, thereby maintaining the security of the system.

Feature Specifications:

This feature is activated by default for 60 minutes, however it is possible to edit the time and the feature activation.
The maximum time is 1440 minutes, and the minimum time is 15 minutes.
This definition is at the organizational level rather than at the user level.
A global user who has access to more than one organization will be obligated to the organization with the minimum number of minutes.

Disable Inactive Users

Disable inactive users is a security feature that allows you to disable users who have not logged in to Galooli solution for a specified period of time. A disabled user cannot log in to Galooli solutions until another user grants access to the user.

You can find more information about the consequences of the action by clicking here.

Feature Specifications:

The feature is active by default to 92 days.
The maximum period of time is 92 days, and the minimum period is 30 days.
A global user who has access to more than one organization will be obligated to the organization with the minimum number of minutes.
An email notification will be sent to the user who has been disabled as a result of this automatic mechanism.

A user who is authorized to grant access to a disabled individual must have full access to the "Access and Security" tool.

Blacklist Removal

If you have any suspicion that you do not receive email messages from Galooli or your provider please follow the next link in order to solve the issue.

A feature that allows the administrators to restrict access to the system on certain days and hours.

The restriction applies to all users in the organization. If necessary, managers can also be restricted.

To create the restrictions, mark the days and hours in the table and make sure that the color of the row has changed. You can deploy the limit to all days by clicking on the "Apply to all days" button.

When a user tries to log in during the restriction. He will be notified by the system that this cannot be done and the reason why it is not possible

Allowed IPs

To increase information security in the organization, a feature has been developed. This feature allows managers to define that the process of logging into Galooli systems must be carried out exclusively through the internal network of the organization. This is done by specifying a list of public IP numbers from which the system can only be accessed.

This feature allows the organization to decide whether system users will be required to connect from a dedicated IP address. If you choose to use this feature, the system will check the user's IP address every time he or she attempts to log in, and accordingly, allow or deny access.

Various applications of Galooli Solution are affected by this feature.

In order to use this feature click on the “Enable” button, and enter the IP address.

There is the option of entering IP addresses one by one or locking a range of addresses. Ranges are defined with the addition of a mask that follows the IP address with a “/”.