Security Settings

The Security tab contains settings for API authentication, session management, and account protection.

Accessing Security Settings

  1. Click Configuration Settings in the sidebar
  2. Select the Security tab

Global API Key

The Global API Key is used by agents to authenticate with your ZEM Cloud instance. This key is embedded in the enrolment command and used for all agent communications.

Viewing the API Key

For security, the API key is hidden by default. To view it:

  1. Click the Show button next to the API Key field
  2. The key will be displayed temporarily
  3. Click Copy to copy it to your clipboard

Session Timeout

Configure how long administrator sessions remain active before requiring re-authentication.

Preset Options

  • 15 Minutes - High security, frequent re-authentication
  • 30 Minutes - Default, balanced security
  • 1 Hour - Convenient for active users
  • Custom - Set a specific timeout (1-1440 minutes)

Setting a Custom Timeout

  1. Select Custom from the dropdown
  2. Enter your desired timeout in minutes (1-1440)
  3. Click Save

The maximum custom timeout is 1440 minutes (24 hours).

Session Security

Enforce IP Address Validation

When enabled, users are forced to log in again if their IP address changes during an active session.

  • Enabled - Sessions are invalidated when IP address changes
  • Disabled - Sessions continue regardless of IP changes

This provides additional protection against session hijacking attacks, where an attacker attempts to use a stolen session token from a different location.

Account Lockout

Configure automatic account lockout to protect against brute force password attacks.

Lock After Failed Attempts

Set the number of consecutive failed login attempts before an account is locked.

  • 0 - Lockout disabled (not recommended)
  • 3-5 - Recommended for most environments
  • Higher values - More lenient, allows more attempts

Lockout Duration

How long an account remains locked after exceeding the failed attempt limit.

  • 15 Minutes - Short lockout period
  • 30 Minutes - Default, moderate lockout
  • 1 Hour - Extended lockout period
  • Custom - Set a specific duration (0-10080 minutes)

Setting the custom duration to 0 means indefinite lockout - the account must be manually unlocked by an administrator.

Unlocking Accounts

Locked accounts can be unlocked by an administrator through the Users tab in Configuration Settings.
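
The two zero values above mean opposite things: 0 failed attempts disables lockout, while a duration of 0 locks the account until an administrator unlocks it. The following sketch is an added illustration, not ZEM Cloud code. All names are hypothetical, and it assumes that a successful login or an expired lockout resets the failure counter and that a locked account is refused even with the correct password.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    max_attempts: int   # 0 = lockout disabled
    duration_min: int   # 0 = indefinite, otherwise minutes up to 10080

    def __post_init__(self):
        if self.max_attempts < 0:
            raise ValueError("max_attempts must be >= 0")
        if not 0 <= self.duration_min <= 10080:
            raise ValueError("duration_min must be 0-10080")

@dataclass
class Account:
    failures: int = 0                  # consecutive failed logins
    locked_at: Optional[float] = None  # epoch seconds; None = not locked

def is_locked(acct: Account, policy: LockoutPolicy, now: float) -> bool:
    if acct.locked_at is None:
        return False
    if policy.duration_min == 0:
        return True  # indefinite: only admin_unlock() clears it
    return now < acct.locked_at + policy.duration_min * 60

def attempt_login(acct: Account, policy: LockoutPolicy,
                  password_ok: bool, now: float) -> str:
    """Return 'locked', 'ok' or 'denied' for one login attempt."""
    if is_locked(acct, policy, now):
        return "locked"  # assumption: refused even if the password is right
    if acct.locked_at is not None:
        # A timed lockout has expired; start counting from zero again.
        acct.locked_at, acct.failures = None, 0
    if password_ok:
        acct.failures = 0  # "consecutive" failures: success resets the count
        return "ok"
    acct.failures += 1
    # max_attempts == 0 is falsy, so the lock never triggers when disabled.
    if policy.max_attempts and acct.failures >= policy.max_attempts:
        acct.locked_at = now
    return "denied"

def admin_unlock(acct: Account) -> None:
    """Manual unlock, as an administrator would do from the Users tab."""
    acct.failures, acct.locked_at = 0, None
```
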

Security Best Practices

  • Set session timeout to 30 minutes or less for sensitive environments
  • Enable IP address validation when possible
  • Configure account lockout with 5 failed attempts and 30-minute duration
  • Regularly review the audit logs for suspicious activity