This article describes how you can use policies to set rules in DRACOON that are binding for all users.
There are currently three types of policies in DRACOON:
- Policy for acceptance of terms of use
- Password policies
- Login policies (only for login via a local user account)
Who can specify policies?
Only users with the Configuration Manager role are entitled to set policies.
Open policy management
- In the left side pane, click Settings, and then click Policies. You must be a Configuration Manager to see the Policies command.
- The existing policies are displayed.
Policy for displaying terms of use
If you enable the "Show terms of use" policy, a user will see the terms of use after the very first login. The user can then only start using DRACOON after he has agreed to the terms of use by selecting a checkbox.
You can use the terms of use to show legal information to the user, for example.
You can change the text for the terms of use along with formatting in Branding.
Example: Display of terms of use with policy enabled
Enable policy for displaying terms of use
If you want every user to have to agree to the terms of use at first login:
- In the left side pane, click Settings, and then click Policies.
- Turn on the Show terms of use switch.
Password policies
In certain scenarios, passwords are used in DRACOON, such as login passwords (when logging in to DRACOON as a local user), passwords for shares and file requests, as well as decryption passwords for accessing encrypted data rooms. Users choose their own passwords.
Password policies allow you to specify how complex the respective passwords of the users must be. The more complex and, above all, the longer a password is, the more difficult it is to guess or spy on during entry.
You can set your own password policies for login passwords (when logging in to DRACOON as a local user), share/file request passwords, and decryption passwords, depending on your security needs.
The following password policies are available in DRACOON:
Minimum number of characters
Defines the minimum length of a password (how many characters it must contain at least).
Possible setting: 1 – 1024 characters
Recommended setting: at least 12 characters
Password length is the most important factor in password security, so short passwords should only be allowed if necessary.
At least one uppercase character required
Specifies that the password must contain at least one of the following uppercase characters:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
At least one lowercase character required
Specifies that the password must contain at least one of the following lowercase characters:
a b c d e f g h i j k l m n o p q r s t u v w x y z
At least one special character required
Specifies that the password must contain at least one of the following special characters:
! " # $ % ( ) * + , - . / : ; = ? @ [ \ ] ^ _ { | } ~
The following special characters are not allowed in passwords:
& € ' < >
At least one number required
Specifies that the password must contain at least one of the following numbers:
0 1 2 3 4 5 6 7 8 9
Reject keyboard patterns
Specifies that the password must not contain frequently entered patterns of four adjacent keys (such as 1234 or qwert), independent of upper/lowercase.
Reject user information
Specifies that parts of the user ID must not be included in the password (first name, last name, login name, or email address of the respective user).
Reject frequently used passwords
Specifies that the password must not contain frequently used words. This policy currently has no effect on the DRACOON cloud even if activated.
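As an added illustration (not DRACOON's own code), the following Python function applies the password policies listed above to a candidate password and returns the ones it violates. The keyboard rows used for the pattern check assume a US QWERTY layout, the user-information check takes a dict with the four fields the policy names, and the "frequently used passwords" rule is left out because the page states it currently has no effect.

```python
import string

# Character classes as listed in the policy text above (constructed here from the page).
ALLOWED_SPECIAL = set(r'! " # $ % ( ) * + , - . / : ; = ? @ [ \ ] ^ _ { | } ~'.split())
FORBIDDEN = set("&€'<>")
# Rows used for the "Reject keyboard patterns" check; a US QWERTY layout is an assumption.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_runs(n=4):
    """All runs of n adjacent keys on one row, read forwards or backwards (lowercase)."""
    runs = set()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            runs.add(row[i:i + n])
            runs.add(row[i:i + n][::-1])
    return runs


KEYBOARD_RUNS = keyboard_runs()


def check_password(pw, user=None, min_len=12, require_upper=True, require_lower=True,
                   require_digit=True, require_special=True, reject_patterns=True,
                   reject_user_info=True):
    """Return the list of violated policies; an empty list means the password is accepted.
    `user` is an optional dict with first_name, last_name, login and email."""
    problems = []
    low = pw.lower()
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if any(c in FORBIDDEN for c in pw):
        problems.append("contains a forbidden character (& € ' < >)")
    if require_upper and not any(c in string.ascii_uppercase for c in pw):
        problems.append("no uppercase character")
    if require_lower and not any(c in string.ascii_lowercase for c in pw):
        problems.append("no lowercase character")
    if require_digit and not any(c in string.digits for c in pw):
        problems.append("no number")
    if require_special and not any(c in ALLOWED_SPECIAL for c in pw):
        problems.append("no special character")
    # Keyboard patterns are matched independent of upper/lowercase, as the policy states.
    if reject_patterns and any(run in low for run in KEYBOARD_RUNS):
        problems.append("contains a keyboard pattern")
    if reject_user_info and user:
        for key in ("first_name", "last_name", "login", "email"):
            part = user.get(key)
            if part and part.lower() in low:
                problems.append(f"contains user information ({key})")
                break
    return problems
```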
Specify password policies
- In the left side pane, click Settings, and then click Policies.
- Select the checkboxes of the password policies that should be active, or clear the checkboxes of the password policies that should not be active.
If you want to change the minimum password length, enter the number of characters required in the Minimum number of characters field.
- You can set separate policies for login passwords, share/file request passwords, and decryption passwords.
- The policy for decryption passwords applies to both personal decryption passwords and the system-wide emergency password/room emergency passwords (which can be used to decrypt files if users forget their decryption password).
- The specified policies apply to all DRACOON clients, such as the DRACOON Web App as well as DRACOON for Outlook or DRACOON for iOS.
- Policies for login passwords are only valid for local login to DRACOON (with DRACOON usernames). If Active Directory or OpenID Connect is used for user authentication, DRACOON policies for login passwords do not apply.
- If you change a password policy (by clicking the corresponding checkbox, for example), the change becomes active immediately and applies to all future passwords.
- Changed password policies do not affect existing passwords—the passwords continue to be valid, even if they no longer comply with the changed password policy. A possibility to apply changed password policies to existing login passwords is planned for the near future.
Information for users about active password policies
To let users know which and how many characters a password must contain when they choose passwords, a balloon with the active password policies is displayed when a new password is entered. Password requirements that are already met by the entered password are marked with a green checkmark.
Enforce new login passwords for all users
You can force all users (who are logged in via a local DRACOON user account) to immediately specify a new login password. This is useful, for example, if you have changed your password policy for login passwords and want to ensure that all login passwords comply with the new policy, or if you have become aware that existing login passwords may have been compromised.
To force all users using a local DRACOON user account to be logged out of DRACOON immediately and prompted to set a new login password:
- In the left side pane, click Settings, and then click Policies.
- Click the Enforce new login password button.
- Confirm the warning prompt.
Please be aware that, after initiating this action, all users are logged out immediately from running DRACOON sessions and must set a new login password before they can log in again to DRACOON. Since this may cause confusion and anger (e.g. due to canceled running uploads) among users, it is recommended to trigger this action outside your usual business hours and to inform your users in advance about the required password change—unless there is an immediate need for action, caused by compromised passwords, for example.
Login policies
DRACOON offers 4 policies for the login of local users that you can specify.
Login policies are only valid for local login with DRACOON (with DRACOON usernames). If Active Directory or OpenID Connect is used for user authentication, the DRACOON login policies do not apply.
Enforce login password change regularly after x days
If enabled, all users must regularly set a new login password. The number of days after which an existing login password must be changed can be specified. This period of time does not start until you enable this policy, so existing passwords can continue to be used for the specified number of days after the policy is enabled before they need to be changed for the first time.
Number of previous login passwords that cannot be reused
If enabled, users who set a new login password cannot reuse login passwords previously used in DRACOON and have to choose a completely new password. You can specify the number of previous passwords that cannot be reused.
Number of failed login attempts until the user is locked
If enabled, the user will be locked for a certain period of time (5 minutes by default) if he has entered his login password incorrectly several times. You can specify the number of possible input attempts until the user is locked.
This setting can be used to prevent automated uninterrupted login attempts (via a script, for example) to gain access (until the correct password is guessed at some point).
Lock users for x minutes
Number of minutes a user will be locked out if he has entered his login password incorrectly x times.
Default value: 5 minutes
When you enable this policy, the policy "Number of failed login attempts until the user is locked" is automatically enabled as well.
During the lockout period, the user cannot log on to DRACOON and has to wait for the lockout period to expire before trying to log on again. Thus, the lockout period should not be longer than 10 minutes.
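To make the lockout and reuse rules above concrete, here is an added Python sketch (an assumed design for illustration, not DRACOON's implementation) of how a local login handler would enforce the failed-attempt lockout with a configurable lock period and the ban on reusing the last N login passwords. The clock is injectable so the expiry of a lock can be exercised without waiting, and a correct password entered during the lock period is still refused, as the text describes.

```python
import hashlib
import time
from collections import defaultdict, deque


def digest(password):
    # Only digests are stored for the reuse check; a real store would use a salted slow hash.
    return hashlib.sha256(password.encode()).hexdigest()


class LocalLoginPolicy:
    """Lockout after max_attempts failures for lock_minutes (page default: 5) and no reuse of the last history_size passwords (assumed design, not DRACOON's code)."""

    def __init__(self, max_attempts=5, lock_minutes=5, history_size=5, clock=time.time):
        self.max_attempts, self.lock_seconds = max_attempts, lock_minutes * 60
        self.history_size, self.clock = history_size, clock   # clock is injectable for tests
        self.failures, self.locked_until = defaultdict(int), {}
        self.history = defaultdict(deque)     # per user: recent digests, newest (current) last

    def set_password(self, user, password):
        """Return False when the password is one of the last history_size passwords."""
        d = digest(password)
        if d in self.history[user]:
            return False
        self.history[user].append(d)
        while len(self.history[user]) > self.history_size:
            self.history[user].popleft()
        return True

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is not None and self.clock() < until:
            return True
        if until is not None:                 # lockout period over: reset the counter
            del self.locked_until[user]
            self.failures[user] = 0
        return False

    def attempt(self, user, password):
        """Return 'locked', 'ok' or 'failed'; a correct password during a lockout is still refused."""
        if self.is_locked(user):
            return "locked"
        current = self.history[user][-1] if self.history[user] else None
        if current is not None and digest(password) == current:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.max_attempts:
            self.locked_until[user] = self.clock() + self.lock_seconds
            return "locked"
        return "failed"
```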