Policies allow a company to impose RoboForm settings on its users. Through policies, security standards can be maintained, ensuring that all users within a company use RoboForm in a secure manner.
Policies can be applied to all users within the company or just to particular groups. Read more about managing groups here.
Master Password
These policies apply to the user’s Master Password and how they log in to RoboForm.
Master Password Complexity: This policy enforces minimum Master Password complexity based on the following criteria.
- Minimum number of characters: The Master Password must be at least this long. This value cannot be less than 8.
- Minimum number of non-numeric characters: The Master Password must contain at least this many non-numeric characters. This value cannot be less than 4.
- Must include at least one uppercase and one lowercase alphabetical character: If checked, this condition will apply.
- Must include a numeric character: If checked, the Master Password must contain at least one number.
Cache Master Password (Desktop Only): If checked and set to "Yes," the user's Master Password will be cached locally and they will not need to log in to their account. If set to "No," this option will be grayed out for your users. This policy will only affect RoboForm desktop platforms, Windows or Mac, and web browser extensions.
- Disable Logoff (Desktop Only): If checked, users will be unable to log out of RoboForm.
Auto-Logout on User Switch or Lock Workstation: If checked and set to "Yes," users will be automatically signed out of RoboForm if their device is locked or the user profile is switched. If checked and set to "No," RoboForm will remain signed in in either of these events.
Disable authentication by PIN (Mobile Only): If checked, users will not be able to set a PIN as a sign-in method for RoboForm. This feature is only applicable to the RoboForm mobile application for Android and iOS.
Disable authentication by Biometrics (Mobile Only): If checked, users will not be able to set biometric authentication as a sign-in method for RoboForm. This feature is only applicable to the RoboForm mobile application for Android and iOS.
Enforce Auto-Log Off Time (minutes): If checked, users will be automatically logged off of RoboForm if they are inactive for the number of minutes specified in this policy.
Disable Master Password Change: If checked, users will be unable to change their Master Password.
Master Password Rotation Time Enforced (days): If checked, users will be required to change (rotate) their RoboForm Master Password after the number of days specified in this policy.
New user temporary Master Password expiration timeout (days): When a RoboForm account is created, a temporary Master Password is emailed to the user the account was created for. If this policy is enabled, the temporary password will expire after the number of days specified in this policy.
User Settings
These policies apply to the user’s settings.
Disable RoboForm File Creation (by type): If checked, users will be unable to create data of the selected types.
Enable RoboForm Data Export: If checked, users will be able to export their personal data to a CSV file. If left unchecked then this feature will be disabled in their local application.
Enable Print List: If checked, users will be able to utilize the print list feature to print their data or export it in a PDF format. If left unchecked then this feature will be disabled in their local application.
Disable Sync of Local / User Created RoboForm Data: If checked and set to "Yes," any RoboForm data created by a user will not be synced to our server unless it is added to a RoboForm for Business company owned group. If checked and set to "No," any data a user creates will have an encrypted copy synced to our server.
Force user created RoboForm data to be saved in company groups only: If checked, users will be forced to save any RoboForm data they create in a RoboForm for Business group. If the user does not have at least regular permission in any group, they will not be able to create any RoboForm data.
Disable Backup/Restore of User Owned RoboForm Data: If checked, users will be unable to use the backup or restore features. Enabling this policy will not affect company administrators or group managers.
Disable RoboForm File Sharing: If checked, users will be unable to send or share their RoboForm data with other users. If unchecked, administrators can set whether users can only share RoboForm data with other users in their company or with any other RoboForm user.
Offer to AutoSave: If checked and set to "Yes," RoboForm will automatically offer to save any submitted web form that contains a username and password combination for that form that RoboForm has not already saved. If checked and set to "No," users will need to manually prompt RoboForm to save new logins.
Offer to AutoFill: If checked and set to "Yes," RoboForm will automatically provide matching logins and identities applicable to any currently detected web forms. If checked and set to "No," users will need to manually prompt RoboForm to fill in logins and web forms.
Show Passwords as Stars: If checked, passwords will display as stars when the RoboForm editor is opened.
Disable Emergency Access feature: If checked, the Emergency Access feature will be disabled. To limit the use of the Emergency Access feature, select one of the radio buttons. Users can be restricted to providing emergency access to the company admin, group manager, or other company members.
Enable RoboForm New Version Update Notifications: If checked, users will receive notifications when new versions of RoboForm are available.
Domain Equivalences: If checked, RoboForm will consider the domains paired in the following field to be the same domain for the purpose of saving and using logins. Each equivalence should begin on its own line and use an “=” between each URL in the equivalence.
Enable Attaching to Windows applications: If checked and set to "Yes," the RoboForm desktop application will automatically attempt to attach to local applications and capture and fill the user's credentials. If set to "No," this feature will be disabled entirely.
Disable Custom RoboForm Data Directory Location (Windows Only): If checked, users will be unable to change where RoboForm saves their data. RoboForm defaults to saving data in %appdata%\RoboForm.
Note: This policy is enabled by default.
Dual Authentication and Access Settings
These policies apply to a user’s dual factor authentication (OTP) and what platforms and IP addresses they are able to access their account from.
Enforce 2-Factor Authentication: If checked, users will be required to enter an OTP when signing into RoboForm from a new device or web browser.
- Disable One-Time Password SMS Delivery: If checked, users will be unable to receive OTPs via text messages to their phone.
- Disable Google Authenticator: If checked, users will be unable to receive OTPs via Google Authenticator.
Disable access from devices (by device type): If checked, users will be unable to log in to their RoboForm account from the selected web browser/device.
Wipe out locally stored RoboForm data on a device after five incorrect attempts to enter the Master Password (Mobile Only): If checked, the RoboForm mobile app will automatically wipe all locally stored RoboForm data if a user fails to enter their Master Password correctly five times consecutively. This will not affect any data stored on the RoboForm server or any other devices.
Enroll new device: If checked and set to "Yes," when users provide an OTP, their device will automatically be enrolled so they will not need to enter an OTP the next time they log in from that device. If checked and set to "No," users will never have their devices enrolled, which means they will need to provide an OTP every time they log in.
Device Enrollment Period for OTP enforced (days): If checked, an OTP will enroll the user’s device for the number of days specified in this policy. After the enrollment period is over, a new OTP will need to be entered. This policy cannot be used if "Device Enrollment Period for OTP enforced (minutes)" is checked.
Device Enrollment Period for OTP enforced (minutes): If checked, an OTP will enroll the user’s device for the number of minutes specified in this policy. After the enrollment period is over, a new OTP will need to be entered. This policy cannot be used if "Device Enrollment Period for OTP enforced (days)" is checked.
Allowed IP address ranges: If checked, users will only be able to log in to their account from the IP addresses specified in this policy. Start each address or range on a new line, or delimit each entry with a ‘,’ or ‘;’. To list a range of addresses, use a ‘-’; use a ‘*’ to denote all numbers in that range.
Note: If the user is outside the allowed range of IP addresses then they will be unable to access their RoboForm account.
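Because anyone outside the list loses access, an allow list written in the syntax above can be checked against the addresses the company relies on before the policy is switched on. The following Python sketch is an added example, not RoboForm code: it assumes IPv4 only, that ‘*’ replaces a whole octet, and that a ‘-’ range is written as two full addresses; the function names and the sample list (documentation and private addresses) are made up for illustration.

```python
import ipaddress
import re

# Constructed sample list using documentation/private addresses (not from RoboForm).
SAMPLE_POLICY = """203.0.113.10
198.51.100.*; 192.0.2.16-192.0.2.31, 10.*.*.*
"""

def split_entries(policy_text):
    """Entries start on a new line or are delimited by ',' or ';'."""
    return [e.strip() for e in re.split(r"[,;\r\n]+", policy_text) if e.strip()]

def entry_matches(entry, addr):
    """True if addr (IPv4Address) is inside one entry; ValueError if malformed."""
    if "-" in entry:  # range, assumed to be two full addresses: low-high
        low, high = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if low > high:
            raise ValueError(f"reversed range: {entry!r}")
        return low <= addr <= high
    want = entry.split(".")
    if len(want) != 4:
        raise ValueError(f"expected four octets: {entry!r}")
    # Validate literal octets; '*' is assumed to stand for a whole octet (0-255).
    ipaddress.IPv4Address(".".join("0" if w == "*" else w for w in want))
    have = str(addr).split(".")
    return all(w == "*" or int(w) == int(h) for w, h in zip(want, have))

def is_allowed(ip, policy_text):
    """Check one address; every entry is evaluated so bad lines always raise."""
    addr = ipaddress.IPv4Address(ip)
    return any([entry_matches(e, addr) for e in split_entries(policy_text)])

def locked_out(policy_text, required_ips):
    """Addresses the company relies on that the allow list would reject."""
    return [ip for ip in required_ips if not is_allowed(ip, policy_text)]

if __name__ == "__main__":
    # Constructed egress addresses to confirm before enabling the policy.
    offices = ["203.0.113.10", "203.0.113.11", "192.0.2.15", "10.4.5.6"]
    print("would lose access:", locked_out(SAMPLE_POLICY, offices))
```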
Black List / White List
These policies determine the websites users can use RoboForm on.
White List Domains: If this policy is checked, users will only be able to use RoboForm on the domains specified in this policy. Start each domain on a new line. Listing a domain will allow access to all of its sub-domains.
Blacklist Domains: If this policy is checked, users are unable to use RoboForm on any of the domains specified in this policy. Start each domain on a new line. Listing a domain will prevent access to all of its sub-domains.
Block AutoSave feature on these URLs: If this policy is checked, users will not be automatically prompted to create a new login when signing into any of the domains specified in this policy. Start each domain on a new line. Listing a domain will prevent access to all of its sub-domains.
Blacklist Applications: If this policy is checked, RoboForm will no longer attempt to attach to any of the applications specified in this policy. Start each application on a new line. The executable that launches the application needs to be listed in order to blacklist it correctly.