Login and authentication security Configure login security options to control access to your instance. Security options You can control several aspects of user login and authentication security: Feature Description Related topics Log in and log out controls Control several dimensions of the log in and log out process for users, such as specifying a landing page that the user sees upon login and control how users log out. Define login scenarios Enable the logout confirmation prompt Remove the Logout button Installation exits Specify lockout for failed login attempts Authentication security Control the password reset process and features like the Remember Me option. You can also use IP address-based controls for access to the instance and implement a nonce to be used with single sign-on digest authentication. Strengthening password validation rules Self-service Password Reset process: overview Change settings for the Remember me check box and cookie IP range based authentication Implementing a nonce Define login scenariosYou can direct all users to the same page after login. Enable the logout confirmation promptYou can enable a logout confirmation prompt to prevent users from inadvertently logging themselves out.Remove the Logout buttonYou can remove the Logout button to prevent inadvertent logouts.Installation exitsInstallation exits are customizations that exit from Java to call a script before returning back to Java.Strengthening password validation rulesYou can customize password strength validation rules for the change password screen by overriding the installation exit associated with password validation.Self-service Password Reset process: overviewThe self-service Password Reset process enables a user to reset the password without assistance from service desk agents.Change settings for the Remember me check box and cookieWhen the Remember me check box is selected at login, a cookie is stored on the user's computer. This cookie automatically authenticates the user upon subsequent visits.IP range based authenticationOne way to secure a web-based application is to restrict access based on the IP address.Implementing a nonceYou can implement a nonce to be used with single sign-on digest authentication.View log of failed login attemptsEach time a user attempts to log in, the action is recorded in an event log. You can view a log of failed login attempts.