The Pulsara platform offers several security settings that can be configured per organization.
The settings described in this article appear in Pulsara MANAGER and are editable by an organizational admin. The settings are:
- Mobile Login Duration
- Mobile PIN Duration
- Require Mobile Device Lock
- Browser Idle Timeout
- Enable Password Expiration / Max Password Age (days)
Note: If your organization utilizes federated authentication, your organization's Identity Provider (IdP) settings will take precedence over some Pulsara security settings. See notes under each section if this applies.
Mobile Login Duration determines how long a user may remain logged into Pulsara MOBILE without having to log in again.
When the Mobile Login Duration is reached, a message appears indicating that the session has expired and the app automatically navigates to the Login screen to allow re-entering credentials to begin using the app again. There are many Mobile Login Duration values offered ranging from 1 day to Infinite.
NOTE: Using the Infinite setting is not recommended as a security best practice.
NOTE: If your organization has configured our OIDC compliant Federated Authentication integration, the Mobile Login Duration is not applicable. The mobile login duration time period will be set by your IdP.
Mobile PIN Duration determines how long the Pulsara mobile app may be used prior to having to re-enter the Pulsara PIN for the logged in account.
For example, if Mobile PIN Duration is set to 1 hour, the following behaviors will be in place:
- Users can leave the app in the foreground for 1 hour before the mobile PIN screen will automatically appear
- Within the hour, users may interact with the app, place it in the background, and/or bring it to the foreground without having to re-enter their PIN.
The app will never force PIN re-entry if the app is actively being used, even if the Mobile PIN Duration has been reached. In the example of the 1 hour PIN Duration, if the app was left inactive for 59 minutes and then was used to view a patient and then left idle again, the PIN screen would not appear until 5 minutes of additional inactivity.
Require Mobile Device Lock controls whether the Pulsara mobile app can run on a device that does not have a security lock enabled in the device operating system settings. Typically these settings cause a device to go to “sleep” and lock after a certain amount of inactivity. When this device setting is enabled, either a passcode, thumbprint, or Face ID is required to unlock the device for continued use.
When the Require Mobile Device Lock setting is set to Yes and a device does not have a lock screen enabled, the Pulsara app will enter a 72 hour grace period after which it will not allow the app to be used for patient care until a lock is added. When the Require Mobile Device Lock setting is set to No, the Pulsara app may be used regardless of whether a device level lock screen is in use.
Pulsara recommends that mobile devices used for the Pulsara mobile app have an automatic device lock setting enabled.
NOTE: The Mobile PIN Duration and Require Mobile Device Lock settings only affect mobile devices running Pulsara 12.1 or higher.
Browser Idle Timeout controls the amount of time the Pulsara Browser App (Pulsara HQ) may remain inactive prior to automatically logging out.
NOTE: If you are automatically logged out while using Pulsara HQ and you are on call, your call status will remain unchanged. When logging back in, you will not be prompted with the Call Status window if you log in with the same account, as long as less than 8 hours have passed.
NOTE: If your organization has configured our OIDC compliant Federated Authentication integration, the Browser Idle Timeout is only applicable if the id_token lifetime is greater than the Browser Idle Timeout. A user's browser session will be logged out by whichever value expires first: the IdP setting or the Browser Idle Timeout. For example, if the IdP is set for 1 hour and the Browser Idle Timeout is set for 14 hours, the user will be logged out at 1 hour.
Enable Password Expiration / Max Password Age (days) - these settings work in conjunction with each other. If Enable Password Expiration is set to *No*, Max Password Age (days) cannot be set. If Enable Password Expiration is set to *Yes*, Max Password Age (days) can be set with a value between 30 and 1000.
When a password expiration value is set, users at your facility will be able to use Pulsara freely until they enter the password reset grace period, which begins 3 days prior to the day when their password expires. Once the grace period is reached, users will begin to see a warning message indicating their password is about to expire each time they log in or PIN into Pulsara. The message indicates the specific date by which the user’s password must be changed. While in the grace period, a user may continue to use Pulsara. Once the grace period has expired, users cannot use Pulsara and must reset their password in order to continue using the application. Once the password reset is complete, the password expiration clock is reset back to zero and the expiration timeline begins again.
NOTE: If your organization has configured our OIDC compliant Federated Authentication integration, the Password Expiration / Max Password Age is not applicable. The Password Expiration / Max Password age time period will be set by your IdP.
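The password expiration timeline described above can be modeled to preview which users will hit the warning or lockout on a given date. This is an added example, not Pulsara code or a Pulsara API: `OrgPolicy`, `password_status` and `report` are hypothetical names, the user records are constructed, and the day boundaries (grace starts exactly 3 days before the expiry date, lockout starts on the expiry date) are an assumption about how the article's wording maps to calendar days.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

GRACE_DAYS = 3                # grace period length stated in the article
MIN_AGE, MAX_AGE = 30, 1000   # allowed range for Max Password Age (days)

@dataclass
class OrgPolicy:              # hypothetical container for the MANAGER settings
    expiration_enabled: bool
    max_password_age_days: Optional[int] = None
    federated_oidc: bool = False   # OIDC federation: the IdP owns password age

def validate(policy: OrgPolicy) -> None:
    """Enforce the coupling between the two settings."""
    age = policy.max_password_age_days
    if not policy.expiration_enabled:
        if age is not None:
            raise ValueError("Max Password Age cannot be set when expiration is off")
        return
    if age is None or not MIN_AGE <= age <= MAX_AGE:
        raise ValueError(f"Max Password Age must be {MIN_AGE}-{MAX_AGE} days")

def password_status(policy: OrgPolicy, last_changed: date, today: date):
    """Return (state, expires_on); state is ok, grace, expired or not_applicable."""
    validate(policy)
    if policy.federated_oidc or not policy.expiration_enabled:
        return ("not_applicable", None)
    expires_on = last_changed + timedelta(days=policy.max_password_age_days)
    grace_start = expires_on - timedelta(days=GRACE_DAYS)
    if today >= expires_on:        # assumed boundary: locked out from this day
        return ("expired", expires_on)
    if today >= grace_start:       # warning shown on each login or PIN entry
        return ("grace", expires_on)
    return ("ok", expires_on)

def report(policy: OrgPolicy, users: dict, today: date) -> dict:
    """Map each user to a state so admins can see upcoming lockouts."""
    return {name: password_status(policy, changed, today)[0]
            for name, changed in users.items()}

# Constructed sample data: user -> date of last password reset.
SAMPLE_USERS = {
    "medic01": date(2024, 1, 1),    # 90 days later is 2024-03-31
    "nurse02": date(2024, 3, 1),
    "admin03": date(2023, 12, 1),
}

if __name__ == "__main__":
    print(report(OrgPolicy(True, 90), SAMPLE_USERS, date(2024, 3, 29)))
```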