Security Settings
For: Admin
Security Settings give you control over how your team accesses Tellus and visibility into who has logged in and when. For organizations handling sensitive chemical data and compliance records, these controls help you maintain the integrity of your safety program.
Session Management
Tellus enforces automatic session expiration to protect your account:
- Session duration — User sessions last 12 hours from the time of login
- Automatic logout — After 12 hours, users are signed out and must log in again
- Single session — Each user can have one active session at a time
These settings are system-managed and apply to all accounts.
Password Policies
All Tellus accounts enforce baseline password requirements:
- Minimum length — 8 characters
- No password reuse — Tellus prevents users from reusing recent passwords
- Password reset — Users can reset their password at any time from the login page
Additional password policy controls (complexity requirements, expiration periods, forced rotation) are planned for a future release.
Login Audit Trail
The login audit trail records every authentication event for your company's users:
| Event | What's Recorded |
|---|---|
| Successful login | User email, timestamp, and session start |
| Failed login attempt | Email used, timestamp, and failure reason |
| Session expiration | User email and timestamp when session timed out |
| Password reset | Email address that initiated the reset and timestamp |
The audit trail is valuable for:
- Security monitoring — Spot unusual login patterns or failed access attempts
- Compliance documentation — Demonstrate access controls during OSHA audits
- Incident investigation — Determine who was logged in when a change was made
Viewing the Audit Trail
Administrators can view the login audit trail from AdminHQ > Security > Login History. The log shows the most recent events first and can be filtered by user, date range, or event type.
Exporting the Audit Trail
You can export the audit trail as a CSV file for long-term record-keeping or integration with your organization's security tools.
Access Policies
Access policies let you control how users connect to Tellus:
- Invitation-only access — New users can only join your company through an administrator's invitation. There is no way for someone to add themselves to your account.
- Invitation expiration — Invitation links expire after 7 days. Expired invitations can be resent from the Pending Invites page.
- Role-based access — Every action in Tellus is gated by the user's assigned role and permissions
SSO Configuration (Coming Soon)
Single Sign-On will allow you to connect Tellus to your identity provider (IdP):
- SAML 2.0 support for enterprise identity providers
- Automatic user provisioning — New users are created in Tellus when they authenticate through your IdP
- Centralized access control — Manage Tellus access from your existing identity management system
SSO configuration is currently in development.
What Admins Can Configure vs. What's System-Managed
| Setting | Configurable? | Details |
|---|---|---|
| Session duration (12 hours) | System-managed | Cannot be changed; applies to all accounts |
| Password minimum length | System-managed | 8 characters for all users |
| Invitation expiration (7 days) | System-managed | Cannot be changed |
| View login audit trail | Admin-configurable | All accounts can view and export |
| Role permissions | Admin-configurable | Admins can edit non-admin role permissions |
| SSO | Admin-configurable | Coming soon |
Availability
All security features listed above are included on every Tellus EHS account ($99/month). SSO and advanced password policies are coming soon.
Related Pages
- Users & Roles — Manage who has access and what they can do
- Governance & Audit — Broader audit trail covering data changes and approvals
- Sign In — How users log in and reset passwords