EverTrue Authentication Controls
EverTrue values high security and understands the importance of authentication controls.
While EverTrue's authentication and authorization default settings maintain a high level of security for organizations and their users, we recognize that some teams may wish to go further or may need to conform to stricter standards to comply with organization requirements. Below are the various components that can be set by our EverTrue Operations and Support teams at any time.
Set up two-step authentication for your organization.
EverTrue users are encouraged, but not required to use two-step authentication. Clients can ask our team to enable that service so all users under their organization will be required to enroll and utilize two-step authentication. To learn more about two-step authentication, click here.
Define password strength policies for your organization.
Your organization can define the required strength of basic authentication passwords. By default, our passwords have a minimum length of 8 characters, but with our configurable policy, clients can set/require any of the following:
- Minimum character length (can't be less than the default)
- Maximum character length
- Capital letter inclusion required
- Number inclusion required
- Special character inclusion required
Define password reset policies for your organization.
Your organization can define the reset timeframe of basic authentication passwords. By default, our passwords have no defined reset timeframe, but with our configurable policy, clients can set/require any of the following:
- Number of days until a password expires
- Check that new password is different than previous (1-3) last defined passwords
Define session length policies for your organization.
Organizations interested in controlling the session length of inactivity can work with our operations and support teams to define the period of inactivity before a session expires. Once set, every user in the organization will have their session expire when it surpasses the inactivity timeout.
For additional questions about security, please email our Support Team: email@example.com.