Enforce Access Control

By default Sendbird’s Dashboard provides new Member onboarding by way of emails as usernames and passwords. Consider that you can enhance your organization's security with additional password protection options. For example, you can enforce account lockout policies, automatic sign-out, account inactivity handling, password reuse restrictions, and password expiration settings.

To view the image in full screen, click on the

These settings can be configured in the Access Control section of the organization settings. Below is a breakdown of the five available options:

1. Lock Account After 5 Incorrect Passwords:
   To prevent unauthorized access attempts, we lock a user's account after five consecutive incorrect password entries.

2. Auto Sign-Out After 60 Minutes of Inactivity:
   Users are automatically logged out after 60 minutes of inactivity. To log back in, they must re-enter their account ID and password.

3. Inactivate Account After 90 Days of No Login Attempts:
   Accounts are inactivated if no login attempts are made for 90 days. Once inactivated, the account must be reactivated before it can be used again.

4. Don’t Allow Using the Last Two Passwords:
   To guard against potential password compromise, we restrict the use of the last two previous passwords.

5. Enable password expiration:
   Passwords can be set to expire after a specified period, ranging from a minimum of 30 days to a maximum of 365 days. Once the period expires, users will be required to set a new password.