Note: This topic is for Realm administrators only. QuickBase realms can be set up only on accounts that have purchased a QuickBase Enterprise plan. If you have a QuickBase Team account, or if you do not have a realm, you don't have access to the features discussed here.
QuickBase lets you set up security around how and when your users access QuickBase applications in your realm. Using the Realm: Policies tab, you can:
Set a timeout limit for sessions
Allow sign in across sessions
Prevent users from signing in after failed sign-in attempts
Note: Realm Policies (set using the Policies tab) are not applicable when an external authentication system has been implemented via LDAP or SAML.
Do you ever worry about the user who never closes the browser? Say he accesses one of your QuickBase applications and then leaves his workstation unattended for hours or days at a time. Clamp down on this practice by implementing a Session Timeout. When you do so, QuickBase automatically closes out after the time limit you specify passes. This session timeout is not tied to inactivity. Instead, it’s meant to prohibit users from remaining signed in for exceptionally long periods—like more than a day, for instance.
Note: This timeout is NOT triggered by inactivity. Instead, it's intended to force users to sign in at any interval you choose. If you set this interval to 60 minutes, then your users will be kicked out every hour. Give them more time, by specifying several hours or a day.
You can tell QuickBase whether or not you want the program to let users access your realm without having to sign in each time. If you “Allow a user to stay signed in across sessions” then any user can turn on a checkbox labeled Keep me signed in on this computer unless I sign out (located on the sign-in page). When a user turns this option on, she doesn’t need to enter her user name and password to gain entry to your realm (unless she actively signs out). This can compromise your security in a number of ways. For instance, an unauthorized person might gain access to the user's computer. Realms let you disable this option, thereby forcing everyone to sign in with a valid user name and password each time they access your realm.
As Realm administrator, you can define the number of times users are allowed to try to sign in to QuickBase with an incorrect username/password combination. You can configure your Realm so that it locks a user's account after a specified number of failed sign in attempts. You can specify:
The amount of time, in minutes, an account should remain locked. (The default is 10 minutes).
The number of failed sign-in attempts that should trigger an account lock out. (The default is 10 failed login attempts).
Note that, if you change how long an account should remain locked, your changes take effect immediately. So, if a user has been locked out of the system for 2 minutes, and you change the lock out time from 3 minutes to 10 minutes, the user will be locked out of his or her account for 8 minutes more.
If you want, you can configure your realm so that users are never locked out of their account. If you enter 0 for the amount of time an account should remain locked, the user will never be locked out, regardless of the number of failed sign-in attempts.
To control user sessions
On your My QuickBase page, click Manage the realm, and then click the Policies tab.
Within the Sign-in Policies section of the page, set the following options:
Allow user to stay signed in across sessions. If you want to force users to sign in each time they try to access your realm, turn this checkbox off. If you want to spare users the trouble of signing in each time they access your realm, turn the checkbox on.
Session Timeout (in minutes). Enter the number of minutes you want to let users remain signed into your realm. QuickBase kicks users out when the time has elapsed. For that reason, it's best to enter a large interval like once a day, for example.
Prevent user from signing in for n minutes after x failed attempts. Enter the duration of the lock out (in minutes), and the number of failed attempts that should trigger the lockout.
Click Save.