Group Permissions in Vocera Platform / Permission Categories in Vocera Platform

Parent topic: Permission Categories in Vocera Platform

Security Permissions in Vocera Platform

Use security permissions to authenticate users and control access to the Vocera Platform features.

Security permissions can be conceptually grouped into these categories:

Session Time and Access Control
Password Authentication
PIN Authentication
Voice PIN and Biometric Authentication

Note: Security permissions are not organized into these categories in Vocera Platform.

Session Time and Access Control

Permissions	Description
Console Session Timeout	Grants permission to group members to remain inactive for a configurable amount of time before they are automatically logged out of the system. When this permission is granted, it allows the facility to establish how many minutes a user can remain inactive and logged into the system. You can set a console session timeout value (in minutes) between 1 and 10,000 minutes. The default timeout value is 5 minutes, after which the browser requires a user to login again
Controls access to patient details	Grants full or partial access to patient details. You can set one of the following options: restricted — the "restricted" access excludes patient records in roster search results and omits patient details displaying in a patient linked conversation. full — the "full" access permits patient records in the roster search results and includes all patient details in patient linked conversations. The "full" value is also the default value for this permission.
Disable Usage Analytics	Grants permissions to opt out of sending usage analytics data to the cloud. Grant this permission if your organization does not allow data collection from user devices. Usage data is tracked by default. When the "Disable Usage Analytics" permission is granted to a group, the feature usage data is no longer tracked. Note: Feature usage analytics doesn't track any personal data.
Mobile Client inactivity timeout	Grants permission to set a time value (in minutes) for which the mobile client user can remain inactive in the application. When this time has elapsed with the app in the background, the user must re-authenticate before interacting with the app again. You can enter a value within the range of 1 to 10080 minutes. Note: Vocera Vina disconnect timeout is on by default. The default value is 5760 minutes. If PIN authentication is enabled, the user can enter either the PIN or the password to re-authenticate. If PIN authentication is disabled, the user can enter their password to re-authenticate.
Mobile Client trusted certificate required	Prevents the user from accepting an untrusted certificate when logging in.
Vocera Vina Disconnect Timeout	Grants permission to set a maximum value of time (in minutes) for which the Vocera Vina application may be disconnected from the server before being automatically logged out. The Vocera Vina application uses this time to refresh the security access with the Vocera Platform server. You can enter a value within the range of 1 to 10080 minutes. Note: Vocera Vina disconnect timeout is on by default. The default value is 5760 minutes. This setting triggers the "Your authentication is running out, please open the Vina app to reauthenticate" notification for iOs users, and cannot be disabled.
Workflow Access Permissions	Grants permissions to access the workflows available in the system. See Workflow Access Permissions in Vocera Platform for more information. .

Password Authentication


Console reset password allowed	Grants permission to group members to reset the Web Console passwords. When this permission is granted, group members can reset passwords for the Web Console users.
Password expiration	Grants permission to set a password expiration period to force password expiration after the configured number of days. Enabling Password Expiration means a value must be provided for the number of days before a password expires. Password expiration limit (in days) must be between 1 and 1000 days. The default Password expiration limit is 30 days.
Password retention	Grants permission to restrict users from reusing one or more expired passwords. Users are unable to reuse a password as long as it is retained. Password retention (in days) must be between 1 and 1000 days. The default Password retention limit is 90 days. Note: You must enable the "Password expiration" permission first in order to configure the "Password retention" limit. Once the "Password expiration" permission is enabled, the "Password retention" permission is available to select from the dropdown list.
Password maximum number of invalid attempts	Grants permission to set a limit for the maximum number of times users can attempt to enter their password. When the invalid attempts number is exceeded without entering the expected password, the user is locked out of the device. The default number of invalid attempts is 3. You can enter a value between 1 to 10 to set a limit to the number of invalid attempts.
Password minimum number of characters	Grants permission to set a limit to the minimum length for passwords regardless of the types of characters in the passwords. Password minimum number of characters must be between two and 64. The default value is 4 characters.
Password minimum lowercase characters	Grants permission to set a limit to the minimum number of lowercase (a-z) characters required for a password. Adding this item requires passwords to contain a minimum number of lowercase characters. You can configure a value between 1 to 64. The default value for Password minimum number of uppercase characters is one. You must configure the "Setting Password Minimum Number of Characters" permission to configure this permission.
Password minimum number of digits	Grants permission to set a limit to the minimum number of digits required in a password. You can add the "Password Minimum Number of Digits" permission, if the "Password Minimum Number of Characters" permission is already configured. Adding this permission requires passwords to contain a minimum number of numerical characters. Password Minimum Number of Digits must be between one and 64.
Password minimum number of special characters	Grants permission to set a minimum number of uppercase character requirement for a password. Adding this item requires passwords to contain a minimum number of uppercase (A-Z) characters. You can configure a value between 1 to 64. The default value for Password minimum number of uppercase characters is one. You must configure the "Setting Password Minimum Number of Characters" permission before configuring this permission.
Password minimum uppercase characters	Grants permission to set a minimum number of special character requirement for a password. Adding this item requires passwords to contain a minimum number of special characters. You can configure a value between 1 to 64. The default value for Password minimum number of special characters is one. You must configure the "Setting Password Minimum Number of Characters" permission before configuring this permission. For a list of supported special characters, see the Supported Special Characters in Vocera Platform section.

PIN Authentication

Permissions	Description
PIN authentication	Grants permission to enable PIN authentication for users. The PIN authentication permission enables or disables the PIN authentication feature on the Vocera Vina and Vocera Smartbadge. For information on using the PIN Authentication feature, see Enabling PIN Authentication in Vocera Platform.
PIN expiration	Grants permission to configure PIN expiration (in days) to allow PINs to expire after the configured number of days. You can select a value between one to 1000 days. The default PIN expiration value is 30 days. Important: You must enable PIN authentication to configure PIN expiration. The default value is 90 days.
PIN expiration warning	Plays a warning message on a Vocera device enabled for PIN authentication. Depending upon your PIN expiration value, you can enter a value within the range of one to 1000 days. The default value for PIN expiration warning is 3 days. Note: You must enable PIN expiration to configure a value for PIN expiration warning.
PIN retention	Restricts users from reusing one or more expired PINs; setting PIN retention prevents users from reusing a PIN as long as it is retained. The default value is 90 days. Note: You must enable PIN expiration to configure a PIN Retention value.
PIN maximum number of invalid authentications	Grants permission to set a maximum limit for unsuccessful PIN login attempts. When the maximum number of login attempts is exceeded, the user's PIN must be updated in the user's account. You can enter a value for maximum PIN length between 1 to 10. The default value is 3 invalid attempts. Note: You must enable PIN authentication to configure a value for maximum number of invalid PIN authentication attempts.
PIN minimum number of characters	Grants permission to set a minimum character limit for PIN length. The default character limit is 4 characters.
PIN authentication bypass for Cisco phones	Grants permission to enable PIN authentication bypass for Cisco phones. This permission is only applicable to Cisco phones users. For detailed configuration information, refer to the Vocera CUCM Adapter documentation available on the Vocera Documentation Portal.
PIN authentication bypass for SpectraLink XML phones	Grants permission to enable PIN authentication bypass for SpectraLink XML phones. The permission only applies to users with SpectraLink XML phones. For detailed configuration information, refer to the Vocera SpectraLink XML Adapter documentation available on the Vocera Documentation Portal.

Voice PIN and Biometric Authentication

Permissions	Description
Erase voice pin	Grants permission to delete a voice PIN number. When this permission is granted, users can erase their previously recorded voice PIN using the voice command.
Record voice pin	Grants permission to record a voice PIN authentication number. When this permission is granted, users can record a 5 digit voice PIN through voice commands.
Require authentication to log in	Grants permission to enable voice PIN authentication for user at the time of logging-in to the Vocera systems. When this permission is granted, users must enter a 5 digit voice PIN to log in. Note: Administrators cannot login as another user, if the user has a voice PIN set up for login.
Require authentication to play messages	Grants permission to enable voice PIN authentication to listen to messages. When this permission is granted, users must enter a 5 digit PIN to listen to their voice messages. Note: Administrators cannot play the voice messages when they login as another user, if the user has a voice PIN set up for playing messages.
Vocera Vina allows using biometric unlock	Grants permission to enable biometric authentication for the Vocera Vina clients. When this permission is granted, group members can use the TouchID or Fingerprint ID on their Android or iOS mobile clients to access the Vocera Vina app instead of using an app PIN. This permission is specially useful for the Vocera Vina users who bring their own devices. A system administrator can look up the device inventory and confirm if the device Is Shared or personal. If the device is not shared, users for this personal device can use the biometric authentication.

Parent topic: Permission Categories in Vocera Platform