# Password & Security

## Getting Here <a href="#getting-here" id="getting-here"></a>

**Settings > User Management > Password & Security**

## User Management - Password & Security <a href="#user-management---password--security" id="user-management---password--security"></a>

The **Password & Security Page** allows administrators to configure password policies, multi-factor authentication (MFA), Inbound IP Allow Lists, and User Inactivity Timeouts.

*SSO/SAML configuration is on the SSO page.*

***

### Page Sections <a href="#page-sections" id="page-sections"></a>

#### **Resetting Passwords** <a href="#resetting-passwords" id="resetting-passwords"></a>

* **Description**: Forces all current users to reset their passwords at their next login.
* **Action**:
  * **REQUIRE PASSWORD RESET**: Clicking this button initiates the password reset requirement for all users.
* **Behavior**: Does not log users out of their current sessions.

***

#### **Password Policy** <a href="#password-policy" id="password-policy"></a>

* **Description**: Enables administrators to configure custom password restrictions for all users.
* **Options**:
  * **CUSTOM**: Toggle to allow custom password policies.

***

#### **Multi-Factor Authentication (MFA)** <a href="#multi-factor-authentication-mfa" id="multi-factor-authentication-mfa"></a>

* **Global MFA**
  * **Description**: Enforces Two-Factor Authentication for all users.
  * **Status**: `REQUIRED` when enabled.
  * **Behavior**: Once enabled, all users must use MFA to authenticate.

***

#### **Inbound IP Allow List** <a href="#inbound-ip-allow-list" id="inbound-ip-allow-list"></a>

* **Description**: Allows administrators to define a list of trusted IP addresses or CIDR ranges to restrict access to Fusion. This list applies to both access to the Fusion Portal **AND** access to the Fusion API.
* **Controls**:
  * **Dropdown**: Input IP addresses or CIDRs.
  * **Guidance**: If left blank, no restrictions are applied.
  * **Example**:
    * `1.1.1.1`
    * `2.2.2.2`
    * `3.3.3.3/16`
* **Actions**:
  * **SAVE ALLOWED IPS**: Saves the configured IP allow list.
  * **IMPORT IPS**: Imports IP addresses or CIDRs from a text file or CSV.

***

#### **User Inactivity Timeout** <a href="#user-inactivity-timeout" id="user-inactivity-timeout"></a>

* **Description**: Allows administrators to define how long a logged-in user can be idle before they are automatically logged out of the Fusion Portal.
* **Controls**:
  * **User Inactivity**: Disabled, 10 minutes, 20 minutes, 30 minutes, 40 minutes, 50 minutes, 60 minutes.
  * **Show Prompt to User**: Show a prompt to the user one minute before they are logged out to give them an opportunity to remain logged in. This button is not displayed if the User Inactivity is set to *Disabled*.
  * **Guidance**: Disabled by default.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fusion.vectra.ai/settings/user-management/password-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.