System options: Security settings [in-depth guide]
Guide contents: Navigation | Security groups defaults | Edit security group | Full user & client rights | Global options | Resources
Menu > Admin/manager > System setup > Account information > Security settings
Security "group" settings allow users to grant or restrict access to different areas of Workamajig. Once the setup of security groups is completed, you can edit each employee record and assign them to a security group based on what they will need to do in Workamajig.
Security group defaults
The system contains default security groups that have typical areas of access based on typical roles performed by users accessing Workamajig:
Administrator & IT
Creative & production
Vendors & freelancers
We recommend using the default security group settings during your initial setup/implementation phase. As you become more adept with the system, you can easily set up more security groups to fit your needs.
To add additional security groups or edit existing ones, please refer to the Add a security group [in-depth guide].
Edit security group
Click the Pencil edit icon next to the name of the selected security group.
Group name - Here you can change the name of the group. Which is visible to administration setup and employee setup.
Security level - This is used to prevent users who can edit employee records, to not assign a security group to themselves or others with a group level that is higher than themselves.
This group can change the background image - This allows the users to set their own background image for the menu.
Default page - You can set a default page for the group. But know that each user can override this in their user settings.
Data sets - This controls what custom report data sets users of this group can use to start a new report on their own. It does not restrict them from accessing reports made by others with different data sets.
Full user & client rights
For the full list of rights & definitions, please review the Security group rights [in-depth guide].
NOTE: While you can see while users are in the selected groups, you cannot change which group the users are a part of in this screen. You will need to go into their employee record to change that.
Passwords require numbers - This option requires users to enter a number as part of the password.
Passwords require letters - This option requires users to enter letters as part of their password.
Passwords require special characters - This option requires users to enter a special character (!@#$) as part of their password.
Passwords require capital letters - This option requires users to enter capital letters as part of their password.
Passwords require lowercase letters - This option requires users to enter lowercase letters as part of their password.
Passwords may not be similar to user ID - Restricts passwords from being the same as the username.
Users must change password on first login - This works one-time only per user record. NOTE: To apply a force password change after the initial login, you can use the 'force password change' option in the user's employee record.
Password minimum length - Enter the minimum number of characters long that a password has to be.
# of passwords to remember - Enter the number of passwords you would like the system to remember when validating a user's new password. If this option is set to 5, then when a user changes their password, it can not be any of the past 5 passwords they have used. This keeps people from switching between two common passwords. If you enter 0, then it will not remember any passwords.
# of incorrect logins before lockout - You can specify how many attempts to enter the correct password a person has before they are locked out of the system. An administrator has to unlock a person before they can log in again. If you enter a 0, then users will be allowed an unlimited number of login attempts.
# of days between password changes - You can specify how often a person must change their password. If you want them to use a new password each week, then enter 7. if you enter a 0, the system will not require any password changes.
Logout after # of inactive minutes (0 unlimited) - This lets you specify the number of minutes any user is inactive within the application and then log out their current session. For example, if you enter 20, once a user has clicked on no actions in Workamajig, they will be logged out. NOTE: If the user has a record open and populated but not saved, the data of that unsaved record will be lost upon the auto-logout.
Force all users to use Platinum - When checked, ALL users attempting to log in using the Classic/Flash interface will be taken to the Platinum interface.
Allow users to request a password reset email - If selected, users can click a "Forgot password" link and request an email containing a link to allow a password reset. Be sure the user is using your server's URL to start.
Restrict custom report project data to assigned users - If selected, data in custom reports will be restricted to only projects the user is assigned to.
Show GL company access restrictions setup - If this checkbox is checked, you will be able to set up access to GL companies on the company & contact screens and control GL company restrictions.
Enable GL company restrictions
- Appears when 'show GL company access restrictions setup' is checked.
- For more on this feature, refer to the GL company security setup [in-depth guide].
Add a security group [in-depth guide]
Security group rights [in-depth guide]