Configure Security Settings

The Tenant Owner and Service Administrators can navigate to Administration > Security to manage the following security settings:

- **Trusted IP address settings** – To only allow users / public APIs to access AvePoint Online Services from certain IP addresses or IP address ranges, configure this setting by referring to the [Enable Trusted IP Address Settings](#missing-link) section.

- **Password rotation policy for local accounts** – This setting is for AvePoint Online Services local accounts only (users with the other sign-in methods follow the related systems' password policies). With the password rotation policy enabled for local accounts, the local accounts will be asked to change their account passwords regularly for the security of their accounts. Complete the following steps to enable the policy:

  1. Click **Password rotation policy for local accounts** on the **Security** page.
  2. In the **Password rotation policy for local accounts** pane, turn on the toggle, select **30**/**60**/**90**/**180** days as the lifespan of the passwords, and click **Save** to save the configuration.

  Once you enable the password rotation policy, email notifications will be sent to local users 15 days before their password expiration dates.

- **MFA policy for local accounts** – Choose whether to enable the MFA (multi-factor authentication) policy for the local accounts to sign in to AvePoint Online Services. Once enabled, the MFA policy will be applied to all local accounts within your tenant. For the steps of signing into AvePoint Online Services with a local account after the MFA policy is enabled, refer to [Sign in with a Local Account](#missing-link).

  > **Note**: When you need to reset MFA for a local account, refer to [Manage Users](#missing-link).

- **Session timeout setting** – By default, an AvePoint Online Services account will be automatically signed out if there is no activity for 15 minutes, and the user can sign in again to start a new session. If you want to extend the session timeout duration to be longer than 15 minutes, complete the steps below:

  1. Click **Session timeout setting** on the **Security** page.
  2. In the **Session timeout settings** pane, set a value for the **Login will expire after** field by entering a proper number before **Hours**/**Minutes**, and click **Save** to save the configuration. Note that the duration cannot be less than 15 minutes.

- **Temporary account creation for AvePoint technical support** – Choose whether to allow temporary accounts to be created for AvePoint Technical Support. If temporary support accounts are enabled, AvePoint Technical Support team members can utilize these accounts to access AvePoint Online Services or cloud environments. This access is granted when the tenant owner or administrators (service administrators, customized administrators, or application administrators) invite support for assistance.

- **Concurrent sign-ins from multiple locations for the same account** – If your organization does not allow concurrent sign-ins from multiple locations for the same account, turn off the toggle to disable this setting. The result will be like the following example: Bob has signed in to AvePoint Online Services with an account, and John signed in to AvePoint Online Services with the same account at a different location. Upon John’s sign-in, Bob will be automatically signed out.

  > **Note**: This is not a real-time setting. If you disable this setting, it will take effect after a few minutes.

- **Service providers’ access to AvePoint Online Services** – This toggle is turned on by default and is only available to the customers of the managed service providers. As a customer, if you do not want to allow the managed service provider to access your AvePoint Online Services environment, you can turn off this toggle.

- **Reserved IP addresses** – If your organization has an access policy and only specific IP addresses are allowed, you must download the list of reserved IP addresses and add the IP addresses to the safe IP address list. For additional details, refer to [Download a List of Reserved IP Addresses](#missing-link).

- **ARM VNet IDs** – If you are using the **Bring your own storage** model for any of AvePoint's services, are storing your data in the same Microsoft Azure data center as your AvePoint Online Services tenant (or in a paired region), and also have a firewall enabled on your storage, you will need to add our service to your virtual network. For additional details, refer to [Download ARM VNet IDs](#missing-link).