...
Newly created users will have no roles assigned. A user must be assigned at least one role to be able to log into ClinSpark.
Users can be restricted to 0 or more studies and sites. By default, users can interact with any study and site in the system unless defined otherwise by their account configuration, or, specific access controls in place on a given study. Information about managing user access for sites and studies can be viewed in this article: Restricting User Access
User management features are designed to meet CFR 21 Part 11 guidelines:
Sessions timeout at configurable interval
Passwords and accounts can be configured for expiration
Failed login attempts are tracked; user can be locked out after configurable number of failures and alerts are sent when failures threshold is reached
Lockout duration is configurable
Passwords ‘in plain text’ are not stored in the database, but rather a salted hash is stored
...