Users Page
The Users page allows BCMS and Proton administrators to view and control the list of approved Proton user accounts. Proton User and Power User account types are not able to view this page. See section 3.1.1 for details on the pages each account type has access to. User account requests are made by end users at Manager login screen — see section 4.1.3. Pending requests can be approved by clicking on the pending account name and then selecting the Approve button. Accounts can be promoted to administrator or power user status (or demoted to user status) by clicking on the account name and selecting User, Power User or Administrator.
Some user accounts may be marked as ‘service’ accounts. Service accounts cannot be deleted and will prevent accidental removal of accounts necessary to ensure administrative access.
User accounts marked as ‘external’ denote the account is authenticated by Single Sign On.
After the initial installation of BCMS, the first account created is automatically promoted to administrator status. Select a user account to modify it.
Customers with specific support and management agreements will see accounts marked as ‘Browsium Service Account’. These accounts cannot be deleted by customers. Browsium Service Accounts can only be created and designated by Browsium and is not necessary for all customers. There is nothing wrong if the installation has no Browsium Service Accounts.
Select Edit to change the user account type.
[]{#_Configuring_Password_Restrictions .anchor}
Password Policy Management
Section titled “Password Policy Management”Proton has a range of user account password policy management features, some configured by default (which can be modified) and others that are off by default but can be enabled by a Proton administrator. Password policies can only be configured in the Web.config file on the Proton server, not in Proton Manager. More on how to locate and edit the Web.config later in this section.
Proton provides password and login policies for the following attributes:
Session Timeout — sets the number of minutes until an idle session of Proton Manager ends and displays the logon screen. The Web.config attribute is timeout, located in the system.web/authentication/forms section. The default value is 2880 minutes (2 days).
Minimum Required Password Length — sets the minimum length of the password The Web.config attribute is minRequiredPasswordLength and the default value is 8 characters.
Minimum Required Non Alpha Numeric Characters — sets the minimum number of special characters that the password must have. The Web.config attribute is minRequiredNonalphanumericCharacters and the default value is 1 character.
Maximum Invalid Password Attempts — sets the maximum number of invalid password entries before the user’s account is locked out. The Web.config attribute is maxInvalidPasswordAttempts and the default value is 1000000 (virtually unlimited).
Password Attempt Window — sets the number of minutes to keep track of invalid password attempts. After the window has expired, the number of invalid password attempts is reset. The Web.config attribute is passwordAttemptWindow and the default value is 1.
Password Expiration — sets the number of days until a new password expires, forcing the user to change the password before logging on. The Web.config attribute is PasswordExpiration and there is no default value for this attribute.
Password Strength Regular Expression — sets a regular expression that every password must match. This can be used to set custom password policies. The Web.config attribute is passwordStrengthRegularExpression and there is no default value for this attribute.
You’ll find a series of regular express examples in the Web.config file. An example using many of the above attributes is:
minRequiredPasswordLength=“12” minRequiredNonalphanumericCharacters=“1” passwordStrengthRegularExpression=”(?=(.*[A-Z]){1,})(?=(.*\d){1,})”
The preceding example sets a password policy requiring that all passwords be at least 12 characters long and contain at least one upper-case letter, at least one digit, and at least one special character.
When the passwordStrengthRegularExpression attribute is used, you should set an InsecurePasswordMessage in the appSettings element in Web.config so that your users will know what the password requirements are. The default InsecurePasswordMessage is
”The password must be at least <minRequiredPasswordLength> characters long and contain at least <minRequiredNonalphanumericCharacters> special character(s).”
To locate the Web.config file on your Proton server, navigate to
C:\Program Files (x86)\Browsium\Proton\Server\Sites\Server (or C:\Program Files\ … if you’re using a 32-bit Windows server). You’ll find Web.config in this directory. It can be edited with any text editor, including Notepad. Familiarize yourself with the various sections of Web.config as the entries to control the password configuration outlined earlier in this section are found in various places inside the file.
Once you’ve made your edits to Web.config, save the file. IIS will automatically restart with the web service to immediately apply your new configuration.
When Proton is deployed across a farm of load-balanced web servers, the same changes must be made to Web.config on each server to ensure the password policies are enforced consistently. To simplify this process, change Web.config on one server and copy the file to the other servers in your server farm. Note: This guidance assumes all web servers are communicating with a single Proton database.
Web.config is replaced when upgrading to a new version of BCMS. You’ll need to save a copy of your Web.config file (or keep a separate document with the edits you have made) before upgrading and apply your custom settings to the new file. You should not assume that the old Web.config file will work on the new version of Proton as other aspects of Web.config may have changed to support new features in Proton.
[]{#_Privacy_Page .anchor}