Set Security Options for Your Webex Site

Webex Site Administration provides several methods for preventing unauthorized use of your Webex site. You can:

  • Strengthen the password criteria to make passwords more difficult to guess

  • Require that meeting attendees provide passwords to prevent unauthorized access to Webex sessions

  • Review all requests for lost passwords

  • Allow the use of Access Anywhere

1

Sign in to Webex Site Administration and go to Configuration > Common Site Settings > Options.

2

In the Security Options section, configure the options for your site.

3

Click Update.

Security Options

Option

Description

Account management section

Allow user to change username

Select this option to allow users to change their usernames by editing their user profiles. This option is unavailable if the Auto Login option is enabled for your site.

Confirmation that is required for the user to update email address

Select this option to require site administrator approval for requests to update host email addresses. Ensure that the Review host account requests option in the Account Management Settings section is also selected.

Lock out account after [N] failed attempts to log in

Select and then specify the number of times a user can try to sign in before they have to contact you for assistance. You can also choose to have the site administrator notified when accounts are locked out.

Automatically unlock account after [N] minutes

Select to automatically unlock accounts after the number of minutes you specify.

Deactivate account after [N] days of inactivity

Select to specify how many days an account can be inactive before user’s host license is revoked. An account is "active" whenever a user hosts a meeting or logs into the meeting site.

Note that:

  • You can enable email notifications for accounts that will be deactivated. Otherwise, users won't receive any notifications from the site administrator to inform them that their account has been made inactive.
  • Inactive users will still lose their host license even if they have scheduled meetings for the future. You can run the Meetings Future Schedules report to see meetings that inactive users have scheduled.

Send email notifications [N] days and 1 day before account deactivation

(WBS31 and later)

Select to send email messages to users, whose accounts will expire because they have not signed in within the specified number of days. You can specify the number of days before account activation to send the first email.

Forgot password

Choose one of the following options:

  • Send user an email with a link to change password.

    You can require administrator approval to send the emails. Check the Require approval for "Forgot your password?" requests check box.

  • Require administrator to reset user's password.

Allow user to change password even if Auto Login APIs are on

Select this option to allow users to change their passwords, even if the Auto Login APIs are in use.

Manage user accounts through APIs

Select to use URL or XML APIs to create or change user accounts.

Forgot password

Specify which options to display when a user forgets their password:

  • Specify site administrators to receive user password requests.

  • Select Send email with the link to change the password to send an email that includes the password. This email also indicates whether a site administrator must approve the request. Non-SSO sites have the Send email with the link to change the password option selected by default.

  • Select Display brandable text if you want to create your own email message about resetting the password. SSO sites have this option selected by default.

    If the Manage user accounts through APIs option is selected, only the Display brandable text option is available.

Account Sign up section

Confirmation that is required for new accounts

Select to require confirmation for users to sign up for an account. Also, you can specify the number of days for which the confirmation link is active. If the account is not turned on within that period, the link expires.

Notify all site administrators whenever a new account is created

Select to notify all site administrators when a new user account is created.

Show security check in the signup form

Select this require new users to type the letters or digits of a distorted image that appears on the screen for added security.

Password management section

Require strong passwords for user accounts

Select to require that all new and changed user passwords comply with the password criteria that you specify.

The system automatically generates passwords when users sign up for an account or reset their passwords, or when you import account information from a .csv file. Automatically generated passwords only contain the following characters if your password settings enforce the use of mixed case and special characters.

  • ` (back quote, the character located on the tilde key)

  • L (uppercase L)

  • l (lowercase L)

  • 1 (the numeral, one)

  • O (uppercase O)

  • o (lowercase o)

  • 0 (the numeral, zero)

Require mixed case

Select to require that user passwords contain both upper and lowercase letters.

Minimum length

Select to require that user passwords have at least the number of characters that you specify.

Minimum number of numeric

Select to require that user passwords contain at least the number of numeric characters that you specify.

Minimum number of alpha

Select to require that user passwords contain at least the number of alpha characters that you specify.

Minimum number of special characters

Select to require that user passwords contain at least the number of special characters that you specify.

Do not allow any character to be repeated 3 times or more

Select to prevent the use of any character more than twice in a user password.

Do not allow dynamic web page text for account passwords (site name, host's name, username)

Select to prevent the use of dynamic web page text, such as the

  • URL for the site on which the meeting, event, or session occurs—for example, your_company.webex.com

  • Host's own name

  • Username

If the host's name is "Wendy Smith", the following are some examples of passwords that are not allowed: Wendy, Smith, WendySmith, wendy, wendysmith, wendysmeeting, and meetwithwendy.

Do not allow account passwords from this list:

Select to prevent the use of any word in the list, in user passwords. You can edit the list to add or remove words.

User can reset password after [N] hours

Select to prevent the user from changing the password for the number of hours that you specify.

Allow user to save account password in cookies

Select to allow users to store their password information in browser cookies. If you enable this option, users don't have to enter their passwords each time they use the same computer to log in.

Do not allow reuse of the last [N] passwords

Select this option to prevent users from using the same password until they exceed the specified number of unique passwords.

This option is also known as the cyclic passwords option.

Password aging section

Force all users to change password every [N] days

Select to force users to change passwords after the specified number of days.

Force all users to change password on next login

Select to force users to change passwords the next time they log in.

Cisco Webex section

All meetings must be unlisted

Separate options for Webex Meetings, Webex Events, and Webex Training. Check to require that all Webex sessions be unlisted on the site calendar.

All meetings must have a password

The All meetings must have a password setting was removed from Webex Site Administration with the WBS39.10 release, and is permanently enabled. For more information see, Password Enforcement for Webex Meetings, Events, and Training Sessions.

Customers on lockdown sites will still be able to update this setting.

Separate options for Webex Meetings, Webex Events, and Webex Training. Check to require that users must provide a valid password for all scheduled Webex sessions.

By default, the All meetings must have a password option is selected. We strongly recommend that you leave this option selected to help ensure the security of meetings on your site.

Exclude password from invitation

Applies to Webex Meetings only. Select to prevent the password being sent in the invitation email.

Restrict the viewing of recordings to users that are signed in

Separate options for Webex Meetings, Webex Events, and Webex Training. Select to require that users sign in to view recordings. If you do not restrict access to recordings, hosts can apply their own security settings.

Prevent the downloading of recordings

Separate options for Webex Meetings, Webex Events, and Webex Training. Select to prevent users from downloading recordings. If you do not restrict access to recordings, hosts can apply their own security settings.

Allow attendees or panelists to join before host

Applies to Webex Meetings, Webex Events, and Webex Training only. Select to allow participants or panelist to join the sessions before the host joins the session.

The first attendee to join is the presenter

Applies to Webex Meetings only. Select to designate the first attendee that joins the meeting before the host as the presenter. This attendee has the sharing icon and can share content within the meeting. The join session before host option must first be enabled.

Allow attendees or panelists to join teleconference before host

Applies to Webex Meetings, Webex Events, and Webex Training only. Select to allow participants or panelist to also join the teleconference before the host joins the sessions. The join session before host option must first be enabled.

Require strong passwords for meetings

Select to require that all Webex session passwords comply with the strict password criteria that you specify.

WBS39.6 and later sites—Require strong passwords for meetings can't be disabled after January 10, 2020.

Display teleconference information on the meeting Info tab and the Information window

This option controls the display of teleconference information when Personal Conference Numbers are used for telephony. Subscriber access code information can also be displayed with a suboption. By default, the options are enabled but can be disabled for security.

Automatically end meetings if there is only one participant

Applies to Webex Meetings, Webex Events, and Webex Training only. Select this option to automatically end Webex sessions after a specified period of inactivity. You can specify that session hosts be warned some minutes so that they can prevent the meeting from automatically ending in a specified number of minutes. This setting applies to Personal Room meetings and audio-only meetings as well.

Include Host Key in host meeting emails

Applies to Webex Meetings, Webex Events, and Webex Training only. Select this option to automatically include the host key in the host meeting emails.

Other section

Require login before site access

Select this option to require that all users have an account to log in to your Webex service site to host or attend Webex sessions.

Require attendee email address

Applies to Webex Meetings and Webex Training only. Select to require that participants provide an email address to join Webex sessions.

All Access Anywhere sessions must use strict access code

Select to require that users specify Access Anywhere passwords that conform to your strict password criteria. For more information about strict password criteria.

Allow user to store personal information for joining meetings and call-back teleconferences

Select to allow users to store and access personal information, such as name, email, and registration. You can also use this option to remember previously and frequently used numbers when using the Join Teleconference dialog.

Allow individual hosts to reassign their recordings

Select to allow a host to transfer ownership of a network-based recording file to another user.