Create basic users

When you add a basic user to your system, you create a dedicated surveillance system user account with basic user name and password authentication for the individual user. This is in contrast to the Windows user, added through Active Directory.

When working with basic users, it is important to understand the difference between basic user and Windows user.

  • Basic users are authenticated by a user name/password combination and are specific to a system. Even if basic users have the same name and password, a basic user created at one federated site does not have access to another federated site
  • Windows users are authenticated based on their Windows login and are specific to a machine

Configure login settings for basic users

You can define the login settings for basic users. This is done in a JSON file, located here: \\Program Files\Milestone\Management Server\IIS\IDP\appsettings.json.

In that file, you can set the following parameters:

LoginSettings
"ExpireTimeInMinutes": 5 Define the length of time (in minutes) a login session will expire if the user takes no action.
LockoutSettings
"LockoutTimeSpanInMinutes": 5 Define the length of time (in minutes) a user will be locked out.
"MaxFailedAccessAttempts": 5 Define the number of attempts a user will have to log in before being locked out.
PasswordSettings
"RequireDigit": true Define whether base digits (0 through 9) are required in the password.
"RequireLowercase": true Define whether lowercase characters are required in the password.
"RequireNonAlphanumeric": true Define whether special characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/) are required in the password.
"RequireUppercase": true Define whether uppercase characters are required in the password.
"RequiredLength": 8 Define the number of characters that are required in the password. There is a minimum password length of {0} characters and a maximum password length of 255 characters.
"RequiredUniqueChars": 1

Define the minimum number of unique characters that are required in a password.

For example, if you set required unique characters to 2, then passwords such as – aaaaaa, aa, a, b, bb, bbbbbbb – will be rejected.

Whereas – abab, abc, aaab, and so forth – will be accepted because there are at least two unique characters in the password.

Increasing the number of unique characters in a password increases password strength by avoiding repetitive sequences that are easily guessed.

To create a basic user on your system:

  1. Expand Security > Basic Users.
  2. In the Basic Users pane, right-click and select Create Basic User.
  3. Specify a user name and a password, and repeat it to be sure you have specified it correctly.
  4. The password must meet the complexity as defined in the appsettings.json file (see Configure login settings for basic users).

  5. Specify if the basic user should change password on next login.
  6. This is recommended. You should clear the check box only when creating basic users that cannot change their password. These are for example system users, used for plug-ins and server services authentication.

  7. Specify the status of the basic user to be Enabled or Locked out.
  8. Click OK to create the basic user.