top of page
Security

Security Settings

Comprehensive Security Management

In OIBIS, security management allows a company to enable or disable two-factor authentication (2FA) for enhanced login protection. When 2FA is enabled, users must enter a One Time Pin (OTP) sent via email after providing their username and password. The system implements a progressive lockout mechanism for multiple invalid login attempts, escalating from a temporary lockout to permanent lockout requiring administrator intervention. Administrators can unblock users by resetting their password using an OTP. Additionally, users can reset their passwords or security questions themselves with an OTP, ensuring robust security while maintaining user flexibility.

An administrator switches two-factor authentication (2FA) on or off, which affects the entire company

Screenshot of OIBIS account settings page under the COMMON tab for capturing company information.

1

1

An administrator can switch 2FA on or off at a company level under "Account settings". If switched on, users are required to enter a One Time Pin (OTP) after entering a valid username and password.

A user enters a One Time Pin (OTP) to log into OIBIS

Screenshot of OIBIS login page with a popup for entering a one-time pin (OTP) for security.

1

1

With 2FA switched on at a company level, users are required to enter the OTP that was emailed to them after entering their username and password.

A user resets their password or answers to security questions

Screenshot of OIBIS page where user selects to update their password and security questions.

2

1

1

If a user chooses to reset their password and/or answers to security questions, they would select the "Security settings" option from their profile settings dropdown.

2

The user would then enter the OTP that was emailed to them.

Screenshot of OIBIS right-side panel where user can change their password and security questions.

1

1

2

1

If a user chooses to reset their password they would enter the new password twice.

2

The user can also select to change one or more security question answers.

A user who repeatedly attempts to log into OIBIS with incorrect credentials will ultimately be blocked

Screenshot of OIBIS login page showing a popup for 5-minute lockout due to invalid login attempts.

1

1

If a user enters invalid credentials three times, the user's account will be locked for 5 minutes.

Screenshot of OIBIS login page showing a popup for 10-minute lockout due to repeated invalid logins.

1

1

If the user enters invalid credentials three more times after their first attempt, the user's account will be locked for a further 10 minutes.

Screenshot of OIBIS login page showing a popup indicating the account is blocked and needs admin help.

1

1

If the user enters invalid credentials three more times after their second attempt, the user's account will be blocked, which will require them to contact their administrator to unblock their account.

A user contacts their administrator for help in unblocking their account

Screenshot of OIBIS user data screen where the admin selects a blocked user for further actions.

1

1

The administrator double-clicks the user's account that needs to be unblocked.

Screenshot of blocked user details in OIBIS with admin clicking reset and OTP request dialog open.

2

1

1

2

The administrator clicks the reset icon to unblock the user's account.

An OTP email would have been sent to the user. The administrator requests the OTP from the user, which verifies the legitimacy of the user. 

Screenshot of confirmation dialog in OIBIS after admin enters OTP to reset blocked user's password or security questions.

1

1

The user requests that just their password should be reset. The administrator clicks the "YES" button, which sends a temporary password email to the user. 

Screenshot of OIBIS login page with dialog requesting blocked user to answer three security questions.

1

1

After the user enters their username and temporary password, the user is required to answer three randomly selected security questions in order to proceed to enter their new password.

bottom of page