Skip to main content
All CollectionsClearPoint Security & Privacy
ClearPoint Security & Privacy - Understanding Security options in ClearPoint
ClearPoint Security & Privacy - Understanding Security options in ClearPoint

This article explains the security options offered by ClearPoint.

F
Written by Fernando Montenegro
Updated over 10 months ago

For ClearPoint administrators looking to improve the security of their users' accounts, the Organization and Security menu offers excellent solutions.


Organization Details

You can change the organization name and contacts on the Organization Details tab.

  • From the Control Panel click on System Settings

  • Select System Setup

  • Click Organization and Security under Standard Features

  • Under Organization Name, enter the name you would like to be displayed in the upper left-hand corner of ClearPoint

  • You can also enter an Industry

  • Under Primary Mailing Address, you can input the best mailing address to receive special ClearPoint packages!

  • Under Points of Contact, you can fill out contact information for

    • Account Administrators

    • Billing Contacts

    • Decisionmakers

    • Technical Admins


Options

On the Options tab, you can select a few account-wide settings.

  • From the Control Panel click on System Settings

  • Select System Setup

  • Click Organization and Security under Standard Features

  • Navigate to the Options tab

  • Use the Default Currency dropdown menu to select a currency for your account.

  • Check the box next to Prevent Users From Changing Home Page if you don’t want users to be able to change their home page.

  • Check the box next to Lock Account if you don’t want anyone logging into ClearPoint at this point.

    • You can adjust the Locked Account Message to better communicate the reason why they cannot log in.

  • Inserting a Custom Logout URL will automatically send users to the destination of the

    URL when they log out of ClearPoint.

  • This is a great option for any organization that uses Single Sign On (SSO) as you can redirect users to your application dashboard page, rather than our login page.

  • You could also choose to send users to a specific page, like maybe a blog about how wonderful ClearPoint is!


Security

On the Security tab, you can configure password and content security options.

  • From the Control Panel click on System Settings

  • Select System Setup

  • Click Organization and Security under Standard Features

  • Navigate to the Security tab

  • Password Validation Regular Expression controls the characters required for passwords to ClearPoint.

  • Password Validation Message is how you can communicate the password requirements to your users.

    • This will appear on the login screen when they are creating a new password.

  • Clicking on the check box next to Require Two-Factor Authentication will require that all

    of your users go through Two-Factor Authentication upon logging in.

    • To learn how this works, check out this Help Center article.

  • Checking the box next to Prevent Multiple Logins is useful if you do not want multiple people using the same login credentials.

    • Users will be kicked out of ClearPoint if someone attempts to log in with the same credentials.

  • Checking the box next to Expire Passwords Every 90 Days will force your users to reset their password upon logging in every 90 days.

    • It is recommended to have users reset their passwords regularly.

  • Checking the box next to Reset All Passwords will require that every user in your account resets their password the next time they log in.

  • Under Context Security, you can select an option from the Invalid Content Policy dropdown menu.

    • The default option in this menu is Warn and Auto-Clean Invalid Content, however, there are other options in this menu.

    • It is possible that while you are navigating around ClearPoint, you come across a red message that states: “Warning: Invalid or potentially dangerous content was filtered out of this field. Please contact [email protected] for more information.”

      • This message indicates that the field’s HTML has potential for cross-site scripting, a security vulnerability allowing a user to alter the code that an application delivers to a user which is executed in the user’s web browser. We implemented a tool that searches for this vulnerable HTML and auto cleans it.

      • The Invalid Content Policy dropdown menu controls the options on this tool.

      • For more information about this, feel free to read this article that explains how we approached preventing cross-site scripting.

Did this answer your question?