Overview
The Login & Logout page allows administrators to manage session security and protect the platform against brute-force attacks or unauthorized access from unattended devices.
Access this page via System Settings → Login & logout.
Account Lockout Protection
Configure how the system responds to consecutive failed login attempts.
| Field | Description |
|---|---|
| Maximum Failed Attempts | The number of incorrect password entries allowed before the account is temporarily locked (e.g., 5 attempts). |
| Lockout Duration | The amount of time (in minutes) an account remains locked after exceeding the maximum failed attempts. After this period, the user can try logging in again. |
| Unlock via Email | If enabled, locked users can request an automated email with a secure link to unlock their account without waiting for the lockout duration to expire. |
Session Management
Control how long a user can remain inactive before the system automatically logs them out to protect sensitive clinical data.
| Field | Description |
|---|---|
| Idle Timeout | The maximum allowed inactivity time (in minutes) before the system automatically logs the user out and redirects them to the login page. |
| Session Warning | If enabled, the system will display a warning prompt (e.g., "Your session will expire in 2 minutes") before the idle timeout is reached, allowing the user to click "Extend Session" to stay logged in. |
Compliance Tip: For platforms handling highly sensitive PHI or operating under strict FDA 21 CFR Part 11 / ICH-GCP guidelines, it is recommended to set the Idle Timeout to 15 or 30 minutes.
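The following is an added illustration, not the platform's own code: a small Python model of how the settings above interact, which can help when choosing values or writing acceptance tests. The class and function names, the 15-minute lockout value, and the assumption that the failure counter resets after a lock expires are hypothetical; time is counted in whole minutes.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    max_failed_attempts: int = 5    # "Maximum Failed Attempts" (page example: 5)
    lockout_minutes: int = 15       # "Lockout Duration" (constructed value)
    idle_timeout_minutes: int = 15  # "Idle Timeout" (page suggests 15 or 30)
    warning_minutes: int = 2        # lead time of the "Session Warning" prompt

class Account:
    """Hypothetical model of one account's lockout state."""
    def __init__(self, policy):
        self.policy = policy
        self.failures = 0         # consecutive failed attempts so far
        self.locked_until = None  # minute at which the lock expires

    def login(self, now, password_ok):
        """Return 'ok', 'failed' or 'locked' for an attempt at minute `now`."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"   # a correct password is refused while locked
            # Assumption: an expired lock also clears the failure counter.
            self.locked_until, self.failures = None, 0
        if password_ok:
            self.failures = 0     # only consecutive failures count
            return "ok"
        self.failures += 1
        if self.failures >= self.policy.max_failed_attempts:
            self.locked_until = now + self.policy.lockout_minutes
            return "locked"
        return "failed"

    def unlock_via_email(self):
        # Models only the effect of "Unlock via Email"; validating the
        # emailed link is outside this sketch.
        self.locked_until, self.failures = None, 0

def session_state(policy, last_activity, now):
    """Return 'active', 'warning' or 'logged_out' for a session at minute `now`."""
    idle = now - last_activity
    if idle >= policy.idle_timeout_minutes:
        return "logged_out"
    if idle >= policy.idle_timeout_minutes - policy.warning_minutes:
        return "warning"          # window in which "Extend Session" is offered
    return "active"
```

In this model, clicking "Extend Session" corresponds to setting `last_activity` to the current minute.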
Saving Changes
Click Submit to save your session and lockout configurations. Changes to the Idle Timeout will apply to all users upon their next login or page refresh.