GuardianERM.net supports Microsoft Azure Active Directory Single Sign-On (SSO). This feature allows an organisation to access GuardianERM without the use of passwords and simplifies integration into existing intranets and more. The SSO feature also includes a unique sub-domain for an organisation, allowing for greater ownership of a database (e.g. company.guardianerm.net). This sub-domain is linked to the Azure AD tenant ID of your organisation, ensuring no external users can access your database.
SSO can be assigned for individual users, or can be enforced for all users using the "Enforce SSO login for all users".
If SSO is not enforced, users in GuardianERM that are not part of your organisation can still access your database using the old login method with their set password by visiting the general website domain guardianerm.net.
If SSO is enforced then all users must have an account in your organisation's Microsoft/Azure Active Directory. In this case, all passwords are irreversibly cleared and no external users will be able to access your GuardianERM system. The "Allow SSO" checkbox will be disabled in the User Management screen, and ticked for all users.
Note: While SSO is turned on, a Reset Password cannot be performed as SSO does not utilise password management.
System Password RulesBy default, the system password rules are turned off. To turn it on and configure the rules, select System Password Rules from the Main Menu in the Administration Module. You have to log in as an administrator to access this function.
All changes will be activated the next time a user changes his/her password. For the "Number of Days Password is Valid For" setting, when the rules are turned on, all users have the same number of days entered to change their passwords.
The system administrator's password will never expire, regardless of the settings.
Without the password rules, when a user changes his/her password, the new password must be at least 5 characters in length and there cannot be any 3 consecutive characters that are in the old password. For example, replacing yellow with lower will not be accepted because 'low' is contained in yellow.
When an administrator creates a new user or resets an existing user's password, the password rules, except the default minimum 5 characters rule, do not apply. However, the new password will have expired already and the user must change the password upon login.
Note: The following special characters cannot be used for a password:
" ' % * ( ) < >