|
Access Control
Allow users to modify their passwords
This option allows users to modify their SecurityGateway account passwords via the My Settings page.
Display the "Forgot Password" link on the login screen
By default, a "Forgot Password" link appears on the login page, which can be used to email a link to the user to change their password. The link will be emailed to the address associated with the SecurityGateway user account. Clear this checkbox if you do not wish to display the "Forgot Password" link on the login page.
Display the "Show Password" icon for password fields
Each password field contains an eye icon that a user can click to see the password he has just typed into the field. Disable this option if you do not wish to allow your users to see their passwords.
Allow users to view and manage their own quarantine folders
When this option is enabled, users can view and manage incoming messages for them that were placed into quarantine. This allows them to reach the View My Quarantine page to release messages, delete them, and so on.
Allow users to modify their own quarantine settings
Click this option to allow each user to edit the quarantine settings located on the My Settings page.
Allow users to view a log of messages addressed to or from their account
This allows each user to view his or her account's message log via the View My Message Log link in SecurityGateway. All messages to or from that user's email address will be listed in the log.
Allow users to search and view archived messages addressed to or from their account
By default users can search and view archived messages addressed to or from their account. Clear this check box if you do not with to allow them to do this.
Allow users to delete archived messages addressed to or from their account
Check this box if you with to allow users to delete archived messages addressed to or from their account. This option is disabled by default.
Allow users to disable anti-spam tests for messages addressed to their account
Click this option if you wish to allow users to disable anti-spam testing on messages that are addressed to their accounts. When a user disables anti-spam testing for his or her account on the My Settings page, this will prevent the DNSBL, URIBL, Heuristics and Bayesian, and Outbreak Protection spam tests from being performed.
Allow users to disable "Account Hijack Detection" for their account
By default, users cannot control whether or not their accounts are exempt form Account Hijack Detection. Enable this option if you wish to allow users to control that option.
Allow users to enable Two Factor Authentication
Check this box if you wish to allow users to configure their account to require Two Factor Authentication when signing into their SecurityGateway account. When enabled, and the user signs in from a browser using a secure HTTPS connection, the Two Factor Authentication page will appear under their My Account options. Two Factor Authentication is an extra layer of security that requires you to enter both your password and a special security code generated by an authenticator app on your phone when signing in.
Require users to enable Two Factor Authentication
Check this box if you wish to require all users to use Two Factor Authentication when signing in. When this option is enabled, the first time a user signs in he will be presented with a Setup 2FA page.
Allow users to be remembered per device (requires HTTPS)
When this option is enabled, A "Remember me on this device" option will be displayed on the sign-in page whenever a user connects via a secure HTTPS connection. If a user checks the box, from that point forward he will be signed in automatically whenever he opens SecurityGateway on the same device, as long as simply closes his browser when he is finished rather than using the "Sign Out" option. If he signs out then he will have to sign in again the next time he connects. The user will be remembered for the number of days specified in the Number of days... option below. After that, he will be required to sign in again. This option is disabled by default.
Number of days users will be remembered (from 1 to 365)
When using the Allow users to be remembered per device option, this is the number of days that the user will be remembered before being required to sign in again. This is set to 30 days by default.
Defaults
Do not perform anti-spam tests for messages addressed to this account
Check this box if you wish to require This option governs the default setting of the user option of the same name on the My Settings page. When it is enabled, by default the server will not perform DNSBL, URIBL, Heuristics and Bayesian, and Outbreak Protection spam tests on messages addressed to the accounts.Disable "Account Hijack Detection" for this account
Disable "Account Hijack Detection" for this account
Enable this option if by default you wish to exempt accounts from the Account Hijack Detection feature. Exemption could be necessary for accounts that legitimately send high volumes of mail in short periods of time. You can set this option for individual accounts on the Account Settings page.
Automatically whitelist addresses user send mail to
This option governs the default setting of the Automatically whitelist addresses I send mail to option under each user's My Settings page. When that is enabled for a user, every address to which that user sends a message will be added to his or her addresses whitelist, reach via the My Whitelist link. This will help to ensure that future incoming messages to that user from those addresses will not get flagged as spam erroneously.
By default, all new passwords are required to be a minimum of eight characters and include at least one of each of the following:
•Upper case character
•Lower case character
•Number
•Special character (e.g. ;,_.?/-=)
There is a Do not require a strong password for this account option, located on the User Edit page, that you can use to exempt a user from this requirement.
When to display statistics graphs
Use this option to choose when the statistics graphs will be displayed on the Dashboard and Landing page. You can choose Automatic, Always, Manual, or Never.
Language
Use this drop-down list to set the default language that the server will use when it sends system-generated messages. There is a corresponding user option that individuals can use to override this setting for themselves.
Check passwords against a compromised password list from a third-party service
SecurityGateway can check a user's password against a compromised password list from a third-party service, and it is able to do this without transmitting the password to the service. If a user's password is present on the list it does not mean the account has been hacked. It means that someone somewhere has used an identical password before and it has appeared in a data breach. Unique passwords that have never been used anywhere else are more secure, as published passwords may be used by hackers in dictionary attacks. See Pwned Passwords for more information.
Use the drop-down to select how often you wish to check a password against the list since the last time that password was checked. You can choose:
•Never (Passwords are not checked against the list. This is the default setting.)
•A day since last checked
•A week since last checked
•A month since last checked
Number of items displayed per page
This option determines how many items to display per page when a user is logged into SecurityGateway, such as addresses in the whitelist, entries in the message log, and so on. At the bottom of each page there are controls that can be used to move through the additional pages when there are too many items to display on a single page. The default value for this option is 50.
Terms of Use
Require user to accept terms of use below before they can login
Enable this option and enter text into the box, such as a terms of use statement, if you wish to require users to accept the text each time they log in to SecurityGateway. The user can accept the statement by checking a box.
New Users
Send welcome message to new users
Enable this option if you wish to send a "welcome" message whenever a new user is created. This message provides a link to SecurityGateway so that the users can log in and manage their account preferences and quarantine folder. This option is disabled by default.
Send an alert to global administrators when a new user is created
Check this box if you wish to send a message to the global administrators whenever a new user account is created.
Check new user's password against 3rd party compromised password list
When this box is checked, the "Check passwords against a compromised password list..." option above will be used for a new user's password.
Exceptions - Domains
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its User Options settings, or click Reset to reset the domain's settings to the default Global values.
