Configure Security Settings
The Tenant Owner and Service Administrators can navigate to Administration > Security to manage the following security settings:
- Trusted IP address settings – To only allow users to access IBM® Storage Protect for Cloud from certain IP addresses or IP address ranges, configure this setting by referring to the Enable Trusted IP Address Settings section.
- Password rotation policy for local accounts – This setting applies to IBM Storage Protect for Cloud local accounts only (users with the other sign-in methods follow the related systems' password policies). With the password rotation policy enabled for local accounts, users of local accounts are asked to change their account passwords regularly for the security of their accounts. Complete the following steps to enable the policy:
  - Click Password rotation policy for local accounts on the Security page.
  - In the Password rotation policy for local accounts pane, turn on the toggle, select 30/60/90/180 days as the lifespan of the passwords, and click Save to save the configuration.

  Once you enable the password rotation policy, email notifications will be sent to local users 15 days before their password expiration dates.
- MFA policy for local accounts – Choose whether to enable the MFA (multi-factor authentication) policy for the local accounts to sign in to IBM Storage Protect for Cloud. Once enabled, the MFA policy will be applied to all local accounts within your tenant. For the steps to sign in to IBM Storage Protect for Cloud with a local account after the MFA policy is enabled, refer to Sign in with a Local Account.

  Note: When you need to reset MFA for a local account, refer to Manage Users.
- Session timeout setting – By default, an IBM Storage Protect for Cloud account will be automatically signed out if there is no activity for 15 minutes, and the user can sign in again to start a new session. If you want to extend the session timeout duration to be longer than 15 minutes, complete the steps below:
  - Click Session timeout setting on the Security page.
  - In the Session timeout settings pane, set a value for the Login will expire after field by entering a proper number before Hours/Minutes, and click Save to save the configuration. Note that the duration cannot be less than 15 minutes.
- Concurrent sign-ins from multiple locations for the same account – If your organization does not allow concurrent sign-ins from multiple locations for the same account, turn off the toggle to disable this setting. The result will be like the following example: Bob has signed in to IBM Storage Protect for Cloud with an account, and John signed in to IBM Storage Protect for Cloud with the same account at a different location. Upon John’s sign-in, Bob will be automatically signed out.

  Note: This is not a real-time setting. If you disable this setting, it will take effect after a few minutes.
- Service providers’ access to IBM Storage Protect for Cloud – This toggle is turned on by default and is only available to the customers of the managed service providers. As a customer, if you do not want to allow the managed service provider to access your IBM Storage Protect for Cloud environment, you can turn off this toggle.
- Reserved IP addresses – If your organization has an access policy and only specific IP addresses are allowed, you must download the list of reserved IP addresses and add the IP addresses to the safe IP address list. For additional details, refer to Download a List of Reserved IP Addresses.
- ARM VNet IDs – If you are using the Bring your own storage model for IBM Storage Protect for Cloud, are storing your data in the same Microsoft Azure data center as your IBM Storage Protect for Cloud tenant (or in a paired region), and also have a firewall enabled on your storage, you will need to add our service to your virtual network. For additional details, refer to Download ARM VNet IDs.