Password and Authentication
1 Use security levels/passkey
OpenOlat has a a three-stage security concept:
Step 1: Password only
Step 2: Passkey only
Step 3: Passkey + Password
Switching on activates the option for level 2 and 3 and the other configuration options for administrators are displayed.
2 Start button for OpenOlat Login
By switching this on, a button is displayed on the login page instead of the input field for the user name, with which the input field can be called up.
If the primary login method is not the OpenOlat login, then the input field for the OpenOlat login should often not be displayed directly and prominently. An input field has a high prompt character and users immediately enter their (incorrect) login name instead of considering the other login options.
With a button next to other buttons (other login options), the decision for a specific login procedure is more considered.
3 Security level per role
The levels set here define the minimum requirement for the respective role.
4 Increase the security level yourself
With the "Increase security level yourself" option, account holders can decide for themselves whether they want to switch to a higher security level. It is not possible to downgrade below the minimum level set by the administrator.
If the security level has been increased by an administrator, the persons concerned will be asked to set up a passkey when they log in. This setting determines how often a user can skip this prompt.
Tab "Password Syntax"
As the administrator, you define here which criteria a password must fulfill. A minimum and maximum length must be defined.
Tab "Password change policy"
Here you can define how often users have to change their password and whether a password can be reused. The lifetime of the password can be defined for each role.
Tab "Password reset"
The password for several users (account list) can be reset here.