Security parameters

Guidewire provides the following configuration parameters in the config.xml file that relate to application security.

For information on editing config.xml and setting configuration parameters, see Working with configuration parameters.

AbsoluteMaxSessionLength

The number of minutes that an active session is maintained, regardless of user activity. When a request arrives on a session that was created more than this number of minutes ago, the session is immediately invalidated and all in-progress work is lost.

Default: 600

Set for server: Yes

EnableAbsoluteMaxSessionLength

Whether to enforce an absolute maximum session length, regardless of user activity. If an active authenticated session passes the AbsoluteMaxSessionLength number of minutes, the session is invalidated immediately and all in-progress work is lost.

Default: false

Set for server: Yes

EnableDownlinePermissions

If UseACLPermissions is true, then setting this parameter to true means that supervisors inherit permissions on an object that has been added for a supervised user or group.

Default: true

ExternalUserAccess

Indicates which groups and producer codes are available to external users. In order of increasing access, values are:

  • FULLYRESTRICTED – External users can be assigned to groups only within their organization. Users inherit producer codes from their groups. In addition, external users can be assigned producer codes from their organization.
  • PROTECTINTERNAL – External users can be assigned to any external groups. Users inherit producer codes from their groups. In addition, external users can be assigned producer codes from any external organization.
  • ALLOWINTERNAL – External users can be assigned to any groups, internal or external. Users inherit producer codes from their groups. In addition, external users can be assigned producer codes from internal or external organizations.

Note: You can change the value only to increase access. The server will not start if you set ExternalUserAccess to a value that decreases access. For example, if you change the value to ALLOWINTERNAL and start the server, you cannot change it back to FULLYRESTRICTED or PROTECTINTERNAL. If you drop the database, in development or test mode for example, then you can decrease access.

Default: FULLYRESTRICTED

FailedAttemptsBeforeLockout

Number of failed attempts that PolicyCenter permits before locking out a user. For example, setting this value to 3 means that the third unsuccessful try locks the account from further repeated attempts. This integer value must be 1 or greater. A value of -1 disables this feature.

Default: 3

Minimum: -1

LockoutPeriod

Time in seconds that PolicyCenter locks a user account. A value of -1 indicates that a system administrator must manually unlock a locked account.

Default: -1

LoginRetryDelay

Time in milliseconds before a user can retry after an unsuccessful login attempt. This integer value must be 0 or greater.

Default: 0

Minimum: 0

MaxPasswordLength

New passwords must be no more than this many characters long. This integer value must be 0 or greater.

Default: 16

MinPasswordLength

New passwords must be at least this many characters long. For security purposes, Guidewire recommends that you set this value to 8 or greater. This integer value must be 0 or greater. If 0, then Guidewire PolicyCenter does not require a password. (Guidewire does not recommend this.)

Default: 8

Minimum: 0

RestrictContactPotentialMatchToPermittedItems

Whether PolicyCenter restricts the match results from a contact search screen to those that the user has permission to view.

Default: true

RestrictSearchesToPermittedItems

On contact search screens, whether PolicyCenter restricts the results of a search to those that the user has permission to view. This does not affect other searches in PolicyCenter.

Default: true

SessionTimeoutSecs

The number of seconds of user inactivity after which the browser session expires.

This parameter sets the session expiration timeout globally for all PolicyCenter browser sessions. For more information on controlling the session timeout, see the System Administration Guide. Also see the parameters AbsoluteMaxSessionLength and EnableAbsoluteMaxSessionLength.

Default: 10800

Minimum: 300

Maximum: 604800

SingleSignOnAuthenticationEnabled

Whether authentication is done through external single sign-on (SSO).

Default: false

Set for server: Yes
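
The following audit script is an added example, not Guidewire code. It checks a config.xml fragment against the defaults, ranges and recommendations documented above. It assumes each parameter is stored as a param element with name and value attributes; the sample input is constructed, and the audit function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Defaults copied from this page; applied when a parameter is absent from the file.
DEFAULTS = {"EnableAbsoluteMaxSessionLength": "false", "AbsoluteMaxSessionLength": "600",
            "FailedAttemptsBeforeLockout": "3", "LoginRetryDelay": "0",
            "MinPasswordLength": "8", "MaxPasswordLength": "16",
            "SessionTimeoutSecs": "10800"}

# Constructed sample input. The <param name="..." value="..."/> layout is an assumption.
SAMPLE = """<config>
  <param name="MinPasswordLength" value="6"/>
  <param name="FailedAttemptsBeforeLockout" value="-1"/>
  <param name="SessionTimeoutSecs" value="120"/>
  <param name="AbsoluteMaxSessionLength" value="60"/>
</config>"""

def audit(xml_text):
    """Return (parameter, finding) pairs for settings this page documents as weak or invalid."""
    cfg = dict(DEFAULTS)
    for p in ET.fromstring(xml_text).iter("param"):
        if p.get("name") in cfg:
            cfg[p.get("name")] = (p.get("value") or "").strip()
    absolute_on = cfg.pop("EnableAbsoluteMaxSessionLength").lower() == "true"
    n = {k: int(v) for k, v in cfg.items()}
    out = []
    if n["MinPasswordLength"] == 0:
        out.append(("MinPasswordLength", "0 means no password is required"))
    elif n["MinPasswordLength"] < 8:
        out.append(("MinPasswordLength", "below the recommended minimum of 8"))
    if n["MaxPasswordLength"] < n["MinPasswordLength"]:
        out.append(("MaxPasswordLength", "smaller than MinPasswordLength"))
    if n["FailedAttemptsBeforeLockout"] == -1:
        out.append(("FailedAttemptsBeforeLockout", "-1 disables lockout"))
    if not 300 <= n["SessionTimeoutSecs"] <= 604800:
        out.append(("SessionTimeoutSecs", "outside the documented range 300 to 604800"))
    if not absolute_on:
        out.append(("EnableAbsoluteMaxSessionLength",
                    "false, so AbsoluteMaxSessionLength is not enforced"))
    elif n["SessionTimeoutSecs"] > n["AbsoluteMaxSessionLength"] * 60:
        # Units differ: the idle timeout is in seconds, the absolute cap in minutes.
        out.append(("AbsoluteMaxSessionLength", "absolute cap is shorter than the idle timeout"))
    return out

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Run against an empty config, the script still reports EnableAbsoluteMaxSessionLength, because the documented default of false leaves the absolute session cap unenforced.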