Here at MINTclass we take the security of your data very seriously but we also know that you need the ability to adjust theses settings to fit in with your school needs. There a three different security screens dependant on how your users access MINTclass.

All the security settings for MINTclass can be found in one place to make things simpler. You will need to be logged into MINTclass as an Admin user and click on Cortex at the top of the screen.

Click on the Security tab on the side bar. You will now see the security page where you can choose to use the defaults set by us or change any of these to suit the needs of your school.

The first section allows you to allow or disallow certain functions. For example:

Allowing email as 2FA is against our recommendation but we understand that staff may not be allowed phones in school. Therefore, we advise that you whitelist your school IP(s) so staff don't need to 2FA when at school. When they are outside of school, such as when at home, then they can 2FA with their mobile.

We have set the 2FA device trusting to allow so that users will not need to use the 2FA every time they log into a trusted machine. If you turn this setting off users will need the 2FA code every time they log into MINTclass.

Finally, you can now allow users to reset their own passwords. If you leave this set to allow then users will be able to reset passwords via email which should save you as an admin user a lot of time.

This section also has three options which allow you as a school to decide time lengths for accounts. For example:

Account Dormancy allows you to decide how many days since the last time a user logged in before the account is disabled and an activation email will need to be sent to the user to allow them to log in again. We have set the default to 180days but you can choose 30, 60, 90 or 365 days instead.

You can now choose how long a user can be logged into MINTclass before they are automatically logged out.  The default here is Browser Session which means that it's down to the user's browser. It will either log you out when you close the browser or some can keep you logged even after you close. You can alternatively choose 1 hour, 6 hours, 12 hours or 24 hours.

When a new user or a user who has been reactivated logs in you will need to send them an activation email (from the staff admin screen). You can decide how long the link in this email remains active for. We have set the default to 7 days but you may wish to choose 1, 2, 14 or 30 days.

As previously stated we take security here at MINTclass very seriously not only to protect users but students as well. We have now added a password security setting for which the default is Level 3. You can change this to Level 2 if your users are struggling to enter in a new strong password, or even further down to a Level 1. For more information on password security please click here.

This section of the security tab contains setting such as your school email suffix and IP whitelisting.

If you want to make sure that users only use school email addresses to log into and reset passwords for MINTclass than add you your school email suffix here - for example, @myschool.org.

If you don't want users to have to use 2FA in school you can add your schools external IP address or range of IP addresses here.