# Security

<table id="bkmrk-system-name-display-"><tbody><tr><th>System name</th><th>Display name</th><th>Explanation</th><th>Extra info</th></tr><tr><td>**doAdvancedGroupSecurity**</td><td>Advanced group security</td><td>Enables: A) Groups inside groups B) Multiple exclusive groups</td><td> </td></tr><tr><td>**policyHideValues**</td><td>Hide overloaded policies</td><td>Hide values for policies that have been overloaded in the application deployment file</td><td> </td></tr><tr><td>**securityAllowPublicCodeunits**</td><td>Allow anonymous codeunit execution</td><td>It is considered safe to use special codeunits</td><td> </td></tr><tr><td>**securityEnforceExclusiveGroup**</td><td>Require normal users to have Exclusive groups</td><td>All users except Admins must have at least 1 exclusive group</td><td> </td></tr><tr><td>**securityLoginFailedAttempts**</td><td>Login max failed logins</td><td>Number of failed logins before accounts will be disabled</td><td> </td></tr><tr><td>**securityLoginFailedAutoReset**</td><td>AutoReset users</td><td>Automatically reset users that have failed maximum number of logins (sends new password)</td><td> </td></tr><tr><td>**securityPasswordAcceptMD5digest**</td><td>Allow MD5 hashed passwords</td><td>Recommended in transition between MD5 (minor flaws) and SHA256 (very secure)</td><td> </td></tr><tr><td>**securityPasswordCleartext**</td><td>Store passwords cleartext</td><td>Allow passwords to be stored without one-way encryption</td><td> </td></tr><tr><td>**securityPasswordCleartextAllowed**</td><td>Allow cleartext passwords</td><td>Optionally encode all password using admin services</td><td> </td></tr><tr><td>**securityResetPasswordWithoutLogin**</td><td>Reset password without login</td><td> </td><td> </td></tr><tr><td>**securitySslLogin**</td><td>SSL encryption for login page</td><td>Enforce usage of SSL connections on login page using internal redirect. Recommended.</td><td>[Setting up SSL/HTTPS](https://wiki.tsnocode.com/index.php?title=Setting_up_SSL/HTTPS "Setting up SSL/HTTPS")</td></tr><tr><td>**securitySslPages**</td><td>SSL encryption for ALL pages</td><td>Enforce usage of SSL connections on all page using internal redirect. Not recommended.</td><td>[Setting up SSL/HTTPS](https://wiki.tsnocode.com/index.php?title=Setting_up_SSL/HTTPS "Setting up SSL/HTTPS")</td></tr><tr><td>**securityTokenExpiryEnforce**</td><td>Deny old style access tokens</td><td> </td><td> </td></tr><tr><td>**ssoSpnegoAuthenticate**</td><td>SSO via domain controller</td><td>Allow SPNEGO filter to automatically log in authenticated Windows users</td><td> </td></tr><tr><td>**ssoCryptoTokenActive**</td><td>SSO token authentication</td><td>Allow single sign in from external components (ex. TS SSO webpart)</td><td> </td></tr><tr><td>**ssoCryptoTokenSecret**</td><td>SSO token shared secret</td><td>Shared secret password between TS and external services. Value must match exactly.</td></tr></tbody></table>