Understanding Security Administration

eddy_summary: Learn how to configure and manage application-wide security settings in Platform using the Security Administration page.
eddy_keywords: security administration, password policy, inactivity settings, login attempt control, account locking, SSO options, tenant security settings, IP logging, support access, security configuration
eddy_intent: How-to
eddy_module: Platform
eddy_synonyms:
security administration = security settings, access controls, system security
inactivity period = idle timeout, user inactivity threshold, inactive days
password policy = password rules, credential requirements
eddy_questions:
- How do I update password and inactivity settings in Security Administration?
- How do I configure account lockout rules and login attempt limits?
- What tenant-level security settings can administrators manage?
- How do I enable or disable IP logging and protection options?
- How do I manage Planful Support access and expiration dates?

The Security Administration page allows administrators to manage application access settings, including password policies, access controls, and user activity tracking. This ensures that the system stays secure and aligned with organizational standards.

To access the Security Administration page, navigate to Maintenance > Administration > Security Administration.

Tenant Group Security Settings

To access the Security Administration page, navigate to Maintenance > Administration > Security Administration.

Note:

Contact Planful Support to request edit access to the Tenant Group Security Settings section and update security settings.

• Enforce password change after X number of day(s) – Specify the number of days after which users must change their password

• Password must contain a minimum of X character(s) – Specify parameters for passwords, such as the required number of characters

• Enforce account locking after X number of invalid attempt(s) – Specify the number of failed login attempts before locking a user out of the application

• Disable current password check for SSO users – Allows the use of Single Sign-On (SSO) without the need for the user to verify their current password

• Deactivate user account after X number of day(s) without login – Update the number of days to deactivate user accounts if they remain inactive for a specified number of days.

• Do not allow X previous passwords to be used for password reset – Specify the number of previously used passwords that cannot be reused when a user resets their password.

Tenant Security Settings

Select the appropriate settings. The default settings are enable IP Logging and enable Employee Review %.

• Enable IP Logging – An IP (Internet Protocol) address in a unique set of numbers that represent the computer connected to the system. IP logs contain recordings of IP addresses representing members who have logged on to the system.

• Enable Protect Sheet/Workbook in Excel Exports - Allows users to enable or disable the Protect Sheet mode as per their convenience.

• Enable Snapshot in Data Input Templates - Allows users to take snapshots of input templates.

• Enable Email in Data Input Templates - Allows users to send emails with input template data attached.

• Enable Snapshots in Reports - Allows users to take snapshots of reports.

• Enable Email in Reports - Allows users to send emails with reporting information attached.

• Enforce changing the account properties when the data is available - Allows account properties to be edited when data exists. For Segment Hierarchies, the system properties (i.e. Account Type, Currency Type, Credit/Debit, Normal Data Input Type, and Variance) are disabled for account members if data has already been loaded for these members and the configuration is turned off. However, if the configuration is turned on, these properties are opened to edit (even when data exists for the members). It's important to reload Data Loads and rerun Consolidations to avoid data discrepancies.

• Enable Employee Review % at - Allows the configuration of Review % at the Employee/Employee Type level. If set at the Employee level, Review % may be overridden for each employee in the template.

• Enable Email on Budget Approval Workflow - Allows users to send emails during the budget approval workflow with budget information attached.

• Enable Access to Planful Support Users Until - Allows Planful Support Users to access your application to better help you facilitate necessary tasks or provide additional assistance. If you turn off (do not select this checkbox) Support Access, Planful Support Users will not have access to your application. If you disable this option during a Support User session, the Support User is allowed to continue the session, but may not log in again. Planful Support User information is not available for viewing by your users. The system keeps audit logs of all Support Users that log in to your application.

  • Click the calendar button to provide a date until which Support User access is valid. By default, this option is opened and the date is set to 10 years out. You may edit this date at any time.

• Enable cross sheet reference account update in Offline Planning workbook - Allows you to indicate whether or not you want the system to automatically populate the updated reference account line data in the dependent templates without connecting to the online template. For example, if you have two templates checked out for offline input with reference mapping (one template referencing data from another), you may automatically populate the reference account line data, or not, based on performance needs.

• Check cube process status after every _ minutes - Checks the status of the reporting cubes every number of minutes selected and updates the cube icon.