A section devoted to security enhancements can be found under the "Settings / Configuration" area of the CMS. These optional features are often restricted to administrators; if you have questions about them, feel free to reach out to Crownpeak support.
Disable User Account - An administrator can choose how many times a user can attempt to login. After the chosen amount of failed attempts, the user will be locked out and the account disabled temporarily. An administrator will need to re-enable the account and will be notified via an email alert; the email account used for the alert is on file under the Configure / General area of the Settings section.
Login Settings for User Accounts - an option for restricting users from logging into the CMS during a specified amount of time. The period of time is configurable. Users who try to access the CMS between the restricted time range will be notified clearly on the login screen.
User Account Inactivity - ability to force a logout of the application if a user is idle. The amount of time idle before forcing a logout is configurable. The user will be warned 1 minute prior to the logout event. If they do not remain active, they will be logged out and have to sign back in.