ClearPoint Security & Privacy - Understanding Security options in ClearPoint

- From the Control Panel click on **System Settings** - Select **System Setup** - Click **Organization and Security** under Standard Features

- Under **Organization Name**, enter the name you would like to be displayed in the upper left-hand corner of ClearPoint - You can also enter an **Industry** - Under **Primary Mailing Address**, you can input the best mailing address to receive special ClearPoint packages!

- Under **Points of Contact**, you can fill out contact information for - **Account Administrators** - **Billing Contacts** - **Decisionmakers** - **Technical Admins**

- From the Control Panel click on **System Settings** - Select **System Setup** - Click **Organization and Security** under Standard Features

- Navigate to the **Options tab** - Use the **Default Currency dropdown menu** to select a currency for your account. - Check the box next to **Prevent Users From Changing Home Page** if you don’t want users to be able to change their home page. - Check the box next to **Lock Account** if you don’t want anyone logging into ClearPoint at this point. - You can adjust the **Locked Account Message** to better communicate the reason why they cannot log in.

- Inserting a **Custom Logout URL** will automatically send users to the destination of the URL when they log out of ClearPoint. - This is a great option for any organization that uses Single Sign On (SSO) as you can redirect users to your application dashboard page, rather than our login page. - You could also choose to send users to a specific page, like maybe [a blog about how wonderful ClearPoint is](https://www.clearpointstrategy.com/10-reasons-we-love-clearpoint-you-will-too/)!

- From the Control Panel click on **System Settings** - Select **System Setup** - Click **Organization and Security** under Standard Features

- Navigate to the **Security tab** - **Password Validation Regular Expression** controls the characters required for passwords to ClearPoint. - **Password Validation Message** is how you can communicate the password requirements to your users. - This will appear on the login screen when they are creating a new password.

- Clicking on the check box next to Require Two-Factor Authentication will require that all of your users go through Two-Factor Authentication upon logging in. - To learn how this works, check out this Help Center [article](https://support.clearpointstrategy.com/en/articles/8742803-authentication-enabling-two-factor-authentication).

- Checking the box next to **Prevent Multiple Logins** is useful if you do not want multiple people using the same login credentials. - Users will be kicked out of ClearPoint if someone attempts to log in with the same credentials.

- Checking the box next to **Expire Passwords Every 90 Days** will force your users to reset their password upon logging in every 90 days. - It is recommended to have users reset their passwords regularly.

- Checking the box next to Reset All Passwords will require that every user in your account resets their password the next time they log in.

- Under **Context Security**, you can select an option from the **Invalid Content Policy** dropdown menu. - The default option in this menu is **Warn and Auto-Clean Invalid Content**, however, there are other options in this menu. - It is possible that while you are navigating around ClearPoint, you come across a red message that states: “Warning: Invalid or potentially dangerous content was filtered out of this field. Please contact [[email protected]](mailto:[email protected]) for more information.” - This message indicates that the field’s HTML has potential for cross-site scripting, a security vulnerability allowing a user to alter the code that an application delivers to a user which is executed in the user’s web browser. We implemented a tool that searches for this vulnerable HTML and auto cleans it. - The Invalid Content Policy dropdown menu controls the options on this tool. - For more information about this, feel free to read [this article](https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer) that explains how we approached preventing cross-site scripting.