To manage settings, you must have the Settings service privilege.
Using settings, you can control the number of login attempts made by a user to log on to Launchpad.
You can control the time duration for which the user is locked out of the Launchpad after the specified number of unsuccessful login attempts. The message to be displayed on lockout can also be specified here. You can also specify the minimum password length in the settings.
Apart from this, you can enable or enforce two-factor authentication for the customer or organization from the Settings page. Refer to Manage Two-Factor Authentication for details on enabling or enforcing two-factor authentication.
To configure or edit the global settings, perform the following steps.
1. Log in to the Launchpad using your credentials.
2. Click Admin.
3. Click Settings.
4. You can configure the settings on this page as follows:
Lockout Policy
Option | Description |
Maximum failed login attempts | The maximum number of failed login attempts allowed, along with the time duration within which these attempts are counted. |
Lockout period | The lockout period, in minutes, for which the user is not allowed to log on after the failed login attempts within the specified time duration. |
Message displayed on lockout | The message to be displayed to the user if he or she tries to log on during the lockout period. |
Password Policy
Option | Description |
Password Complexity | The length of the password. The minimum length is 8 characters. Password Complexity: Select this option if the password should contain at least 1 lower-case letter. Select this option if the password should contain at least 1 number. It is mandatory that the password must contain at least 1 special character (! @ # $ % ^ & * ( ) = + { } : ; < > , ` ~ ? _ | . ). It is mandatory that the password must contain at least 1 upper-case letter. It is mandatory that the password must not be the same as username. |
Password Expiry / Uniqueness | Enable Password Expiry. This option is auto-selected when you select the Enable Password Expiry option. You can specify that the password should not match with last ‘x’ number of passwords. |
Note: The Password Policy settings will take effect when the user’s password expires or when the user changes the existing password.
Opt-outs:
Option | Description |
I don't want Arista Personnel to access my account as administrator | In order to troubleshoot and resolve technical issues, Arista Networks may need to access your production cloud account with administrator privileges. To expedite resolution, Arista Networks support personnel have administrator access to customer accounts by default. By checking this option, Arista Networks will not be able to access your account with administrator privileges. However, Arista Networks will retain limited access to your account for maintenance purposes, which cannot be disabled by this checkbox. This limited access has ‘Viewer only’ privileges and does not reveal network keys, passwords, and wireless user identities in your network. You may uncheck this option again in the future, if you do not wish to restrict administrator access to your account by Arista Networks. Note: This setting will not impact any current or future user accounts that you may create for any Arista Networks employees. These users will be able to access your account with the profile you have assigned to them. |
I don't want Arista to manage my AP upgrades | If you select this option, Arista Networks will not upgrade AP related software automatically. |
2-Factor Authentication: 2-factor authentication is an authentication process where an Administrator user can authenticate with two different identification credentials. For more details, refer to Manage Two-Factor Authentication.
Option | Description |
2-Factor Authentication | Select to enable 2-Factor Authentication. Refer to Enable Two-Factor Authentication for more details. |
Force 2-Factor Authentication | Select to enable Force 2-Factor Authentication. Refer to Enforce Two-Factor Authentication for more details. |
Allowed IPv4 addresses for Log In: An Administrator user can restrict access to Launchpad and other services based on the IP addresses for a user session. The available options are:
Specific IP: Select this option to enter the list of allowed IPv4 addresses from which users can log in to and access Launchpad. Enter an IP address and click Add to include the IP address in the allowed list of IP addresses. Only user sessions originating from the IP addresses mentioned in this list will be allowed access.
IP range: Select this option to enter a range of IP addresses from which users can log in to and access Launchpad. Enter the starting and ending IP addresses of the IP range and click Add to include the IP address range in the allowed list of IP addresses. Only user sessions originating from the IP addresses that are in the range will be allowed access.
Note: A maximum of 25 IP addresses and/or IP address ranges can be included in this list.
For Specific IP and IP range, the guest user will receive an error message (“Your IP address is blocked. Please contact the system administrator.”), when the user accesses Launchpad from a non-configured IP.
Restrict session to the IP address from where user logs in: Select this option to restrict a user session to an IP address. That is to say, after a user logs in to Launchpad, any actions initiated on Arista Launchpad or other services accessed from the same user session are restricted to the IP address from which the user logged in. If the IP address of the system from which the user session was initiated changes, then the user is logged out and asked to log in again.
Note: Currently, the IP addresses are validated only for actions originating from Launchpad.
Prevent concurrent logins from the same user account: Select this option to deny access to an already logged in user when the user tries to log in again with the same credentials. Once this option is configured, a user can have only one session active at a given point of time.
Note: All active user sessions, while these configurations are being enabled, will not be impacted by these changes.
Let’s go through a few scenarios to understand how these settings impact the Launchpad users.
Scenario 1: User is currently logged in to Launchpad and accessing another service too. You, as the administrator, enable and configure one or more of these settings.
The logged in user will not be impacted and his current sessions will run smoothly. These settings will come into play when he starts a new session.
Scenario 2: User has a session active from IP address 192.166.12.100. You, as the administrator, enable and configure these settings. User initiates a new session with the same user account from 198.162.121.110 (different IP address).
If you have configured the allowed IP addresses, Launchpad will check whether 198.162.121.110 is in the allowed IP list. If not, the user is shown a message stating the IP address is blocked.
If the IP is in the allowed IP list and if you have restricted concurrent login from the same user account, the user is shown a message stating that the concurrent session is prevented. If the user chooses to continue with the new session, the existing session from 192.166.12.100 will be terminated. If the user terminates the new session, the existing session on 192.166.12.100 will remain active, even if this IP is not in the allowed IP addresses list, because that session was created before the new settings were put into effect.
If the user continues with the new session from 198.162.121.110, and the restrict session to IP option is enabled, then whenever the user accesses a new service or makes changes in any of the services, including Arista Launchpad, the user session will be validated to check whether the action originated from the IP address 198.162.121.110. If the user’s public IP changes while the session is active, say the user switched from the corporate network to a home network, the session will be logged out and the user will be asked to log in again.
Note: The public IP address is validated and not the private IP address.
Scenario 3: User does not have any active sessions. You, as the administrator, enable and configure these settings. User initiates a new session from 192.166.12.115.
If you have configured the allowed IP addresses, Launchpad will check whether 192.166.12.115 is in the allowed IP list. If not, the user is shown a message stating the IP address is blocked.
If the IP is in the allowed IP list and you have enabled the restrict session to IP option, then whenever the user accesses a new service or makes changes in any of the services, including Launchpad, the user session will be validated to check whether the action originated from the IP address 192.166.12.115. If the user’s IP changes while the session is active, say the user switched from the corporate network to a home network, the session will be logged out and the user will be asked to log in again.
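The three scenarios above can be traced with a small model of the checks, which makes it easy to see which sessions survive a settings change. This is an added example, not Arista code: the class names, method names and return strings are hypothetical, and it assumes that an empty allow list means no IP restriction and that the allow list is evaluated only at login, as the scenarios describe.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_ENTRIES = 25  # page: at most 25 addresses and/or ranges in the list

@dataclass
class Policy:
    allowed: list = field(default_factory=list)  # (low, high) pairs; a specific IP has low == high
    restrict_session_ip: bool = False
    prevent_concurrent: bool = False

    def allow(self, start, end=None):
        if len(self.allowed) >= MAX_ENTRIES:
            raise ValueError("allow list is limited to 25 entries")
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end or start)
        if hi < lo:
            raise ValueError("range end precedes range start")
        self.allowed.append((lo, hi))

    def permits(self, ip):
        if not self.allowed:  # assumption: an empty list means no IP restriction
            return True
        addr = ipaddress.IPv4Address(ip)
        return any(lo <= addr <= hi for lo, hi in self.allowed)

class LaunchpadModel:
    """Hypothetical model of the login checks in Scenarios 1-3."""
    def __init__(self):
        self.policy = Policy()   # settings applied to NEW logins only
        self.sessions = {}       # user -> list of (login_ip, pinned_to_ip)

    def login(self, user, ip, continue_new=True):
        if not self.policy.permits(ip):
            return "blocked"                  # user sees the "IP address is blocked" message
        if self.policy.prevent_concurrent and self.sessions.get(user):
            if not continue_new:
                return "existing-kept"        # older session survives untouched
            self.sessions[user] = []          # continuing terminates the older session
        # The pin is fixed at login, so later setting changes do not touch this session.
        self.sessions.setdefault(user, []).append((ip, self.policy.restrict_session_ip))
        return "ok"

    def action(self, user, ip):
        """Validate an action against the user's most recent session."""
        login_ip, pinned = self.sessions[user][-1]
        if pinned and ip != login_ip:
            self.sessions[user].pop()         # public IP changed: session is logged out
            return "logged-out"
        return "ok"
```

Replacing `policy` on the model while a session exists reproduces Scenario 1: the existing session keeps working from any address until the user logs in again, which is the window to account for when tightening these settings.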