Security Settings
For: Admin | Tier: Standard+
Security Settings give you control over how your team accesses Tellus and visibility into who has logged in and when. For organizations handling sensitive chemical data and compliance records, these controls help you maintain the integrity of your safety program.
Session Management
Tellus enforces automatic session expiration to protect your account:
- Session duration — User sessions last 12 hours from the time of login
- Automatic logout — After 12 hours, users are signed out and must log in again
- Single session — Each user can have one active session at a time
These settings are system-managed and apply to all accounts. Custom session duration configuration is planned for Pro plans.
Password Policies
All Tellus accounts enforce baseline password requirements:
- Minimum length — 8 characters
- No password reuse — Tellus prevents users from reusing recent passwords
- Password reset — Users can reset their password at any time from the login page
Additional password policy controls (complexity requirements, expiration periods, forced rotation) are planned for Standard and Pro plans.
Login Audit Trail
The login audit trail records every authentication event for your company's users:
| Event | What's Recorded |
|---|---|
| Successful login | User email, timestamp, and session start |
| Failed login attempt | Email used, timestamp, and failure reason |
| Session expiration | User email and timestamp when session timed out |
| Password reset | Email address that initiated the reset and timestamp |
The audit trail is valuable for:
- Security monitoring — Spot unusual login patterns or failed access attempts
- Compliance documentation — Demonstrate access controls during OSHA audits
- Incident investigation — Determine who was logged in when a change was made
Viewing the Audit Trail
Administrators can view the login audit trail from AdminHQ > Security > Login History. The log shows the most recent events first and can be filtered by user, date range, or event type.
Exporting the Audit Trail (Pro)
On the Pro plan, you can export the audit trail as a CSV file for long-term record-keeping or integration with your organization's security tools.
Access Policies
Access policies let you control how users connect to Tellus:
- Invitation-only access — New users can only join your company through an administrator's invitation. There is no way for someone to add themselves to your account.
- Invitation expiration — Invitation links expire after 7 days. Expired invitations can be resent from the Pending Invites page.
- Role-based access — Every action in Tellus is gated by the user's assigned role and permissions
SSO Configuration (Pro, Coming Soon)
Single Sign-On will allow Pro plan customers to connect Tellus to their identity provider (IdP):
- SAML 2.0 support for enterprise identity providers
- Automatic user provisioning — New users are created in Tellus when they authenticate through your IdP
- Centralized access control — Manage Tellus access from your existing identity management system
SSO configuration is currently in development for Pro plan customers.
What Admins Can Configure vs. What's System-Managed
| Setting | Configurable? | Details |
|---|---|---|
| Session duration (12 hours) | System-managed | Cannot be changed; applies to all accounts |
| Password minimum length | System-managed | 8 characters for all users |
| Invitation expiration (7 days) | System-managed | Cannot be changed |
| View login audit trail | Admin-configurable | Standard+ plans can view; Pro can export |
| Role permissions | Admin-configurable | Pro plans can edit non-admin role permissions |
| SSO | Admin-configurable | Pro plans (coming soon) |
Tier Availability
| Feature | Starter | Standard | Pro |
|---|---|---|---|
| Session management (12-hour expiry) | Included | Included | Included |
| Password policies (basic) | Included | Included | Included |
| Login audit trail (view) | -- | Included | Included |
| Login audit trail (export) | -- | -- | Included |
| SSO configuration | -- | -- | Coming soon |
| Custom session duration | -- | -- | Coming soon |
| Advanced password policies | -- | Coming soon | Coming soon |
Related Pages
- Users & Roles — Manage who has access and what they can do
- Governance & Audit — Broader audit trail covering data changes and approvals
- Sign In — How users log in and reset passwords