Sigma Online User Manual

Security Management

Sigma provides the ability to control the complexity of passwords that should be used, as well as whether Two-Factor Authentication should be required in order to access the system.

This configuration is managed within the "Security Settings" activity, which is accessible from the Welcome Page. Note that it does not appear in the Activities dropdown.

         


If you do not see this Activity, it may need to be added to your Role - see below.


Adding Security Settings Activity 

Admin Users will have access to the Admin Users Activity

  • Open the User Admin Activity
  • Click on the Manage Roles tab
  • Click on the Admin User Role
  • Tick Password Complexity Setup

         

  • Click Save
  • Log out and then Log in to see the Security Settings Activity on the Welcome page

Default Password Complexity

The default rules for passwords can be seen in the Security Settings Activity, as per the table below.

  • From the Welcome page, click on the Security Settings Activity 

This shows the default settings and whenever passwords are created or reset, they will need to conform to these settings.


| Option | Description |
|---|---|
| Minimum Password Length (Must be at least 8) | The number of characters the password must contain as a minimum. |
| Minimum Number Of Upper Case Characters (Must be at least 1) | The number of “UPPER CASE” alphabetic characters the password must contain as a minimum. |
| Minimum Number Of Lower Case Characters (Must be at least 1) | The number of “lower case” alphabetic characters the password must contain as a minimum. |
| Minimum Number Of Special Characters (Must be at least 1) | The number of “special” characters the password must contain as a minimum. Special characters are any character excluding alphabetic, numeric or spaces. |
| Minimum Number Of Numeric Characters (Must be at least 1) | The number of numeric characters (0123456789) the password must contain as a minimum. |
| Minimum Number Of Alpha Characters (Must be at least 0) | The number of alphabetic (a-z) characters the password must contain as a minimum. |
| Minimum Password Repeat Age (Months) (Must be at least 10) | The minimum number of months that can go by before a previously used password can be re-used. |
| Two Factor Authentication | Choose Opt In or Opt Out. See below for more details. |



Changing the Password Complexity

From the Security Settings Activity:

  • Change any of the settings to a HIGHER figure (the default settings are the minimum)

Note: You cannot set anything that falls below the minimum requirement (as described in the option).

For example, the minimum length of the password is 8 characters.

  • If you were to enter 7 or under, the following would show, and you will not be able to save it: 

         


Once you have changed any of the settings:

  • Click Save to save the changes
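The rules in the options table, together with the "settings can only be raised" behaviour, can be expressed as a small validator. This is an added example, not Sigma's own code: the names `PasswordPolicy`, `FLOORS` and `violations` are hypothetical, and the exact character classes (ASCII letters and digits, any whitespace treated as a space) are assumptions.

```python
import string
from dataclasses import dataclass, fields

# Floors from the "Must be at least N" notes in the options table.
FLOORS = {"min_length": 8, "min_upper": 1, "min_lower": 1, "min_special": 1,
          "min_numeric": 1, "min_alpha": 0, "min_repeat_age_months": 10}

@dataclass(frozen=True)
class PasswordPolicy:  # hypothetical name, not part of Sigma
    min_length: int = 8
    min_upper: int = 1
    min_lower: int = 1
    min_special: int = 1
    min_numeric: int = 1
    min_alpha: int = 0
    min_repeat_age_months: int = 10

    def __post_init__(self):
        # Settings may only be raised; anything under the floor is refused,
        # mirroring the "cannot save" behaviour described above.
        for f in fields(self):
            if getattr(self, f.name) < FLOORS[f.name]:
                raise ValueError(f"{f.name} must be at least {FLOORS[f.name]}")

def violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the names of the policy options the password fails."""
    upper = sum(c in string.ascii_uppercase for c in password)
    lower = sum(c in string.ascii_lowercase for c in password)
    numeric = sum(c in string.digits for c in password)
    # Assumption: "special" = not an ASCII letter, not a digit, not whitespace.
    special = sum(not (c in string.ascii_letters or c in string.digits
                       or c.isspace()) for c in password)
    counts = {"min_length": len(password), "min_upper": upper,
              "min_lower": lower, "min_special": special,
              "min_numeric": numeric, "min_alpha": upper + lower}
    return [name for name, have in counts.items()
            if have < getattr(policy, name)]

# Constructed sample passwords, for illustration only.
SAMPLES = ["Winter2024", "winter 2024!", "Gr8-Meter#Read"]

if __name__ == "__main__":
    stricter = PasswordPolicy(min_length=12, min_numeric=2)
    for pw in SAMPLES:
        print(repr(pw), violations(pw, stricter) or "OK")
```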

         

Two-Factor Authentication

Sigma supports Two-Factor Authentication, an extra layer of security used in addition to entering a username and password when logging into the system. It ensures that two pieces of evidence (factors) are entered in order to successfully authenticate and gain access. When this is enabled, each Sigma User will be required to provide an additional item of authentication (a verification code) on top of their username and password to prove who they are. Once enabled, users will only be allowed to log in using Two-Factor Authentication from that point forwards.

Users must have access to an authentication application that uses RFC 6238. There are two ways to achieve this: installing an application on a smartphone (e.g. Google Authenticator, available on the applicable app store) or installing an extension to a desktop web browser (e.g. Authenticator).

The configuration is done in two stages. First, Two-Factor Authentication needs to be enabled; then, when the User first logs in, they will be prompted to set up Two-Factor Authentication.

Enabling Two Factor Authentication

Within the Security Settings Activity, Two-Factor Authentication can be enabled by selecting ‘Opt In’ from the corresponding drop down box.

  • Change from Opt Out to Opt In

When this is enabled, the next time a User logs in they will be prompted to set up the Two-Factor Authentication.


Setting up Two Factor Authentication

When the User logs into Sigma for the first time after the 2FA has been activated, Sigma will display a QR Code that will need to be scanned into the authenticator app so that it can generate a verification code.

Mobile App - Google Authenticator

The Google Authenticator mobile app is free to use and can be downloaded from the Play Store on Android phones or the App Store on iPhones.

When accessing the app for the first time it will guide you through the process of setting up an account on the app to authenticate with Sigma.

The app will then be set up to provide a verification code as required each time the User logs onto Sigma going forwards.

Using Two-Factor Authentication

When Two-Factor Authentication is enabled, whenever a User logs into Sigma after correctly entering their username and password, a Verification screen will be displayed prompting the user for a Verification Code.


  • Users will need to generate the Verification Code using the authenticator app that has been set up for each User.
  • The app will show a six-digit number that is valid for at most 30 seconds.
  • Once the code has been generated, enter it into the Verification Code field in Sigma
  • Click Verify to access Sigma

Once the code has been entered and the Verify button selected, Sigma will complete the authentication and grant access to Sigma.
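How an RFC 6238 six-digit code is derived from the shared secret and the clock, and how a server can check it, is shown in the following added example. It is not Sigma's implementation: the function names, the replay guard (`last_step`) and the clock-drift allowance (`skew`) are assumptions, and the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step, matching the 30-second validity above
DIGITS = 6   # six-digit codes, as shown by the authenticator app

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, unix_time: int,
           last_step: int = -1, skew: int = 0):
    """Return the accepted time step, or None if the code is rejected.

    last_step is the step of the previous successful login; refusing any
    step <= last_step stops a captured code being replayed in its window.
    skew is how many neighbouring steps to tolerate for clock drift.
    """
    now = unix_time // STEP
    for step in range(now - skew, now + skew + 1):
        if step <= last_step:
            continue
        expected = totp(secret, step * STEP).encode()
        if hmac.compare_digest(expected, code.encode()):  # constant-time compare
            return step
    return None

# Test key from RFC 6238 Appendix B; a real secret is random per user.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)
    print("code at t=59:", code)
    print("same step:", verify(RFC_SECRET, code, 59))
    print("next step:", verify(RFC_SECRET, code, 60))
    print("replayed:", verify(RFC_SECRET, code, 59, last_step=1))
```

The stored `last_step` should be updated to the returned value after each successful login so that a code cannot be accepted twice.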



@ Copyright TEAM - Energy Auditing Agency Limited Registered Number 1916768 Website: www.teamenergy.com Telephone: +44 (0)1908 690018