Table of contents
- Getting Started
- Bookings
- Clients
- Invoicing
- Creating Invoices
- Modifying Invoices
- Updating Invoice Status
- Adding Internal Invoice Notes
- Viewing Invoice History
- Deleting Invoices
- Cloning Invoices
- Merging Invoices
- Printing Invoices
- Emailing Invoices
- Refunding Invoices
- Printing Receipts
- Emailing Receipts
- Quotations
- Online Payments
- Credit Notes
- Manage Invoice Settings
- Printing
- Searching
- Statistics
- Activity Tracker
- Messages, Notes, Watches, and Reminders
- MIDAS Admin Options
- Manage MIDAS
- Manage Appearance Settings
- Manage Booking Settings
- Manage Fields
- Manage Security Settings
- Manage Email Settings
- Manage Print Settings
- Manage Safety Settings
- Manage Invoice Settings
- Manage Database Settings
- Manage Templates
- Manage Public Settings
- Manage Scheduled Tasks
- Manage Miscellaneous Settings
- Check For Updates
- Manage Addons
- Keyboard Shortcuts
- Other Sources Of Support
- About MIDAS
Manage Security Settings
Password Settings
Minimum password length
All users will have to choose a password of at least this number of characters.Force Password Change Every X Days
All users will be required to change their password every X days.Offer to save credentials?
Give users the option to save their login credentials, language and theme selections in the browser they are currently using for the next time they access MIDAS.Password Reset links are valid for
When a user initiates a password reset request, by default the reset link contained within the subsequent password reset email sent to them is only valid for 2 hours. If the user fails to click the link in their email to reset their password within this time frame, the link expires and the user would need to generate a new password reset request again. This setting allows you to change how long these emailed password reset links remain valid for.Disallow Known Breached Passwords
If enabled, users will not be able to change their password to one which appears in any known public data breach and is therefore considered compromised. This option uses the 3rd party Have I Been Pwned? service. For more information, please see this blog post.Two Factor Authentication (2FA)
Two-Factor Authentication requires all users to log in with an additional authorization code sent to their registered email address each time they log in with their regular MIDAS credentials.
This ensures that should a user's MIDAS credentials be exposed/compromised, their MIDAS account access remains secure, provided the attacker doesn't also have access to the user's email account.
Enable Two-Factor Authentication for all users?
Enabling this option turns on Two Factor Authentication for all user accounts, using one of the following methods:Authenticator App
Whenever a user logs into MIDAS, they will need to enter a code displayed on their authenticator app to allow them to complete their login to MIDAS.Device Control
Alert users upon logins from unfamiliar devices
When enabled, whenever a user account is logged into from a new or unfamiliar device, an email notification will be sent to the account holder. The content of this notification may be customized via a template.Session Control
Inactivity forces logout after
Automatically logs out users if they have been idle for the defined period.Always force logout after
Automatically logs our users after a pre-defined length of time, regardless of their activity.Allow Multiple Logins By Users?
If selected, each user will be able to be logged in from multiple browsers/devices at the same time. If not selected, a user will only be able to be logged in from one browser/device at any one time (logging in from another browser/device will automatically log out the previous session).Max Invalid Login Attempts
To prevent unauthorized access and "brute force" attacks, your MIDAS can automatically "suspend" an account if a certain number of consecutive login attempts fail. Once an account becomes "suspended", the user who owns that account is sent an email containing a link allowing them to restore access to their account. Additionally, an administrator with sufficient privileges can "unlock" a suspended account via the Manage Users & Permissions.Allowed IP Range
(Cloud Hosted editions only)For increased security, you can limit who can access the MIDAS login page, based upon their Internet IP address, irrespective of whether they have a valid login for MIDAS.
You can restrict access to a single IP address, or an IP range. This can be useful if MIDAS is hosted on a public web server, which potentially could be accessed by anyone worldwide. MIDAS' "Allowed IP Range" setting can be used to restrict access to users in your own country, organization, or to just you!
IPs are made up of a set of 4 numbers, each ranging from 0-255. These four numbers are each separated by a period (dot) character, and together form an IP address. For reference, MIDAS also displays your current IP address in the security screen.
By default, the "Allowed IP Range" setting in MIDAS is set to *.*.*.*
"*" is a wildcard character, meaning that any value is acceptable. This will not restrict IPs, and will allow access from any IP. You can change this to only allow access from a single IP, by entering the target IP in this box - If you only want to allow access for yourself, simply enter your IP here.
To restrict access to within your own organization / site, you could instead enter something along the lines of "192.168.*.*" - This would allow access to anyone with an IP starting "192.168", so "192.168.2.1" and "192.168.10.200" are examples of IPs that would be allowed.
Rather than use the "*" wildcard character, which will allow any value in the range 0-255, you can instead further limit this to a range of values. For example entering [127-255] would only allow IP's that fell within the 127 to 255 values (inclusive). Example: 172.16.10.[127-255] - Allowed IPs fall in the range 172.16.10.127 - 172.16.10.255