Vanguard provides a simple but powerful interface for managing global application settings. It allows administrators (or any other users with appropriate permission) to easily enable/disable registration, Two-Factor Authentication, Authentication Throttling and more.
General settings section is used for updating the application name. Once application name has been updated, it will change the entire system, so you don't have to edit any code at all.
Authentication settings section contains everything that will allow easy authentication configuration.
Allow "Remember Me"? - used to enable/disable the checkbox for remembering the user, that is available on the login page. If this option is set to OFF, users will be automatically logged out once their session expires.
Forgot Password - used for enabling/disabling reset password feature. If it is set to OFF, users won't be able to reset their password if they forget it.
- Reset Token Lifetime - integer variable that represents a lifetime of password reset token (in minutes).
Authentication Throttling is a security feature that will prevent brute force attacks. If it is enabled and user enter the wrong password for a specific number of times (check "Maximum Number of Attempts" option below), his account will be locked for a predefined period of time.
Available options are:
Throttle Authentication - used to enable/disable authentication throttling
Maximum Number of Attempts - maximum number of times that user can enter wrong credentials before his account is locked for some period of time
- Lockout Time - the number of minutes that represent how long user account will be locked. For example, if this parameter is set to 2 and Maximum Number of Attempts parameter from above is set to 5, this means that after some user enter wrong credentials for 5 times, his account will be locked down for 2 minutes.
If this option is enabled, users will be able to enable/disable 2FA using Authy secure service if they want to from their Profile page. In order to enable 2FA, check configuration section to see how to get the required API key.
Registration settings are used to quickly configure registration process or to disable it completely. Page with self-explanatory options is provided below.
Notifications settings contain an option for enabling or disabling email notifications when a new user signs up. If it's enabled, all users with Amin role will receive a notification when a new user signs up.