Parameters
Parameters are the operational configuration of the organization: password lifetime, default finding deadlines, report code format, due-date reminders, and more. They live in Administration → Configuration and apply to the whole organization.
Parameters are touched once at implementation and then only when a policy changes. It pays to review them at the start and from time to time as operations mature.
note
If Mawidabp is integrated with Active Directory or Entra ID, several parameters related to passwords and sessions are delegated to the provider and are not managed from here.
Session and password parameters
| Parameter | Description | Default |
|---|---|---|
| Allow concurrent sessions for the same user | How many sessions a user can have open at the same time. | 1 |
| Failed login attempts | Attempts before the account is locked. | 3 |
| Inactivity timeout | Time without activity before the session is closed. | 15 minutes |
| Days before deleting inactive accounts | Days without sign-in before the account is deleted. | 90 |
| Password expiration warning | Days before expiration to warn the user. | 15 |
| Maximum password lifetime | Days before the password must be changed. | 30 |
| Minimum password lifetime | Days that must pass before the password can be changed again. | 1 |
| Minimum password length | Minimum number of characters. | 8 |
| Password composition control | Regular expression the password must satisfy. | ^(?=.*[a-zA-Z])(?=.*[0-9]).*$ |
| Password history | How many previous passwords cannot be reused. | 12 |
note
All parameters in this table are delegated to the provider when integrated with AD/Entra ID.
Findings and issues parameters
| Parameter | Description | Default |
|---|---|---|
| Days before considering an issue without response as unanswered | Days without a comment from the auditee before the status changes to "No response". | 3 |
| "Pending findings summary" notification period in weeks | Every how many weeks the summary of overdue findings is sent. 0 disables the feature. | 0 |
| Days before an issue due date when the system will notify | Comma-separated list of days. By default 7,1 sends an alert 7 days before and another 1 day before the due date. | 7,1 |
| Require audit manager on findings | Only the audit manager can approve a finding. | 0 (disabled) |
| Filter issues by current user | If 1, each user only sees their assigned findings; if 0, sees all of the organization. | 1 |
| Skip copying previous issue data when reiterating | When reiterating an issue, if 1 the previous text is not copied; only the relationship is set. | 0 |
| Show timestamps in follow-up | Show day and time of comments. | 1 |
| Days when a confirmation request must be sent | Array of days for confirmation reminders. E.g. 2,5,7 sends reminders on day 2, 5, and 7. | 1 |
Report parameters
| Parameter | Description | Default |
|---|---|---|
| Report identification code format | Regular expression that validates the report code. | ^(\d){2}-[A-Z]{2}-(\d){2}-(\d){2}$ |
| Allow editing closing date | Allows modifying the closing date of the final audit report after issuance. | 0 (disabled) |
| Show print date in PDFs | Include the print date in generated PDFs. | 1 |
Survey parameters
| Parameter | Description | Default |
|---|---|---|
| Save survey responses temporarily | If 1, the survey is sent only when 100% complete. If 0, partial responses are sent if the user does not finish. | 0 |
Best practice parameters
| Parameter | Description | Default |
|---|---|---|
| Hide obsolete best practices | If a best practice is marked obsolete, hide it from the library. | 0 |
Hours and resources parameters
| Parameter | Description | Default |
|---|---|---|
| Working hours per day | Daily cap for the time summary. 0 applies no cap. | 0 |
File parameters (on-premise only)
| Parameter | Description | Default |
|---|---|---|
| File exchange directory | Temporary folder where attachments are stored before being moved to permanent storage. | /tmp |
LDAP / AD parameters
| Parameter | Description | Default |
|---|---|---|
| Show "Import from LDAP" only to users with approval permission | Restricts the option to import users from LDAP. Does not apply to Entra ID. | 0 |
| Do not sync "Position" and "Superior" fields with LDAP values | If 1, these fields are managed from Mawidabp and not synced from LDAP. | 0 |
| Validate that the username is unique across all organizations | Applies to instances with multiple ADs. | 1 |
Parameter best practices
- Review the deadlines with the audit team before starting. The defaults are reasonable, but each organization has its own pace.
- Adjust the report code format so it matches your team's internal naming. If not necessary, leave the default.
- Start with the findings summary disabled (
0) and only enable it once the team is familiar with the flow; this avoids overwhelming auditees with reminders early on. - Document changes: any parameter change is logged in the system log, but writing down the "why" internally helps in the long run.
Next steps
With parameters set, configure notifications and, if applicable, switching between organizations.