How to Leverage CLM Authentication for Increased Security & Compliance
Contract Logix is a security-first contract management software solution with a robust set of security features, certifications, and settings. Your contracts contain some of the most sensitive information about your business and its relationships with partners, customers, suppliers, and more. That’s why keeping your contracts secure should be a top business priority. In addition, security is a critical component of contract management to ensure compliance with industry requirements such as PCI, HIPAA, GDPR, and CCPA, to name a few.
One important component of our platform’s CLM security capabilities is the CLM Authentication settings, where you can manage password policies, authentication types, and session durations.
Let’s take a closer look at how fast and easy these are to configure to your business’ security needs.
Logging in to Your CLM Software
When you first log in to Contract Logix, you are prompted to enter your username and password. Once logged in, you are taken to the home screen where you can see all your contract management activity. The layout and information found on the home screen are completely configurable to your specific needs. Here you can also see your user preferences, and if necessary, change your password.
CLM Authentication Settings
Now, if you are the System Administrator for Contract Logix software at your organization and want to configure your password policy and other authentication requirements, you simply go into the Settings section.
Within the Authentication setting, you can select the authentication type you want to require for your users: username and password, or single sign-on (SSO) authentication. Contract Logix has packaged integrations with several of the leading Identity Providers (IdPs) for single sign-on including Azure Active Directory, Okta, Microsoft Active Directory, DUO, and PingFederate. The platform also supports Two Factor Authentication (2FA), which we’ll walk through in a separate blog post.
Next, you can set up your Password Policy. You can select whether you want to require Numeric Digits, Lowercase, Uppercase, and Non-alphanumeric characters in your users’ passwords. You can also determine the minimum number of characters for passwords. This is especially useful for PCI compliance, which requires a minimum of 7 characters. Here, our default setting is 8, but you can change it to whatever length your business requires. You can also establish the number of unique characters required for a password.
Another important setting is the number of failed attempts allowed before the user is locked out, as well as the duration of that lockout. Again, for PCI 8 compliance, you may want to set a 30-minute lockout duration after 6 failed login attempts.
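The password policy and lockout settings described above, sketched as an added example. This is not Contract Logix code: the class and field names are hypothetical, and the unique-character default of 4 is an assumed value.

```python
import time
from dataclasses import dataclass

@dataclass
class PasswordPolicy:
    # Hypothetical field names; defaults follow the values the post mentions.
    min_length: int = 8            # product default cited in the post
    min_unique_chars: int = 4      # assumed value, the post gives no default
    require_digit: bool = True
    require_lower: bool = True
    require_upper: bool = True
    require_symbol: bool = True
    max_failed_attempts: int = 6   # lockout threshold cited in the post
    lockout_seconds: int = 30 * 60 # 30-minute lockout cited in the post

def policy_violations(password, policy):
    """Return a list naming every rule the candidate password breaks."""
    checks = [
        (len(password) >= policy.min_length, "too short"),
        (len(set(password)) >= policy.min_unique_chars, "too few unique characters"),
        (not policy.require_digit or any(c.isdigit() for c in password), "needs a digit"),
        (not policy.require_lower or any(c.islower() for c in password), "needs a lowercase letter"),
        (not policy.require_upper or any(c.isupper() for c in password), "needs an uppercase letter"),
        (not policy.require_symbol or any(not c.isalnum() for c in password), "needs a non-alphanumeric character"),
    ]
    return [message for ok, message in checks if not ok]

class LockoutTracker:
    """Counts consecutive failed logins per user and enforces a timed lockout."""
    def __init__(self, policy, clock=time.monotonic):
        self.policy, self.clock = policy, clock
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> clock value at which lockout ends

    def is_locked(self, user):
        return self.clock() < self.locked_until.get(user, float("-inf"))

    def record(self, user, success):
        """Record one login result; return True if the account is locked."""
        if self.is_locked(user):
            return True  # even a correct password is refused during lockout
        if success:
            self.failures.pop(user, None)
            return False
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.policy.max_failed_attempts:
            self.locked_until[user] = self.clock() + self.policy.lockout_seconds
            self.failures[user] = 0  # counter restarts once the lockout ends
        return self.is_locked(user)
```

Passing a fake `clock` callable lets you verify the lockout window without waiting 30 minutes.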
The last two authentication settings are how long a password reset email is valid for and how often to force a password update. These features are especially valuable if your organization has an IT security requirement that specifies all users of all applications, including Contract Logix, periodically reset their passwords, such as every 90 days. Here, the administrator can easily make that happen by requiring a password update for that timeframe.
Finally, the last item we’ll look at is in the Session Settings tab. For sessions, you can select when you want Contract Logix to time out due to inactivity. 15 minutes is the minimum PCI requirement, but you can configure this to your business’ specific IT needs.
Contract Logix provides an extremely robust set of security capabilities, configurations, and certifications including the Authentication Settings highlighted in this blog. Your contracts contain extremely sensitive information and it’s critical that data is well protected to help you mitigate risk and ensure regulatory and IT compliance. That’s why we’ve taken a security-first approach with our CLM software.
If you’re interested in seeing how Contract Logix can help your business, please schedule a demo today!