Bonterra is aware that many employees work from home or in the field. This may mean that these users access ETO from private or public networks. ETO offers a range of security protocols that organizations may implement to best secure access to ETO.
We recommend that ETO passwords be a minimum length of 6, maximum length of 15, include 1 numeric, and include 1 alphanumeric character.
We recommend mandating new passwords every 30-90 days. This is contingent on your organizations practices.
Reset Password instructions can be found here.
Reduce the idle timeout period for users.
We recommend setting the idle timeout to 60 minutes
Note: Idle time is anytime that a user is not actively changing pages in ETO or submitting forms.
Limit the number of failed login attempts.
We recommend setting failed login attempts to 3. Once that amount has been reached, the account will be locked and can only be unlocked by a Site or Enterprise Manager.
Limit users from logging on based on an IP address range. This range is inclusive so only addresses between those listed will be able to log in to the software.
This practice is best used with a VPN. Restrict login to the IP range of your organizations VPN so that only users accessing the VPN can login to ETO.
Additional security features include:
Legal Use Statement: Depending on what kind of work your organization does, you may want to add a legal statement to your Enterprise. This will automatically take a user to a page with the legal statement when they log in. From this page, they will need to confirm that they have read and understand the legal statement before they can continue to the home page.
Federated SSO Single sign-on, or SSO, is an authentication process that allows a user to log in with a single set of credentials to multiple, independent software systems. Please note: ETO is not an SSO provider. This feature is meant to link ETO to your existing SSO configuration. If you do not currently have SSO set up and running in your organization, please contact your internal IT team. If you are currently using SSO elsewhere in your organization, and would like to include ETO, you will use this feature to do so. Admins on the Touchpoint Bundle should contact support at firstname.lastname@example.org when they are ready to turn on MFA.