Edit Company Settings

Topics:

Company Settings

By clicking Admin > Settings on the company navigation bar, company administrators can modify the company-wide settings listed below. When you are finished making changes, click Save Settings. A message screen will confirm that the changes were made successfully.

company settings

  • Name – This is the name displayed in the header. It can be changed at any time. However, the name originally registered with IMS will continue to be used in the web address.
  • Theme – Squish features a number of color themes from which to choose. The theme you choose here affects all pages that pertain to the company rather than any particular project. Projects can have their own themes which differ from the company's (see Project Settings).
  • Allow anonymous access – If you select this option, project managers may choose to give anonymous users View permission on their projects. If this option is not selected, anonymous users will be prevented from viewing any project, regardless of the individual project's settings.
  • Require account approval – If account approval is required, a company administrator needs to approve or deny new user requests. If it is not required, new users will receive immediate access.
  • Require account request justification - If this is checked, users requesting access to the Squish project will need to write a text justification for their request. This text is available when approving user access.
  • Allow project requests – Enables users to request new projects to be added to the company.


  • Password Expiration days - The number of days after changing a password at which time the user will be required to change their password again. The value entered must be greater than or equal to one. Leave blank if you do not want to force password expirations.
  • Minimum Password Length – The minimum number of characters allowed for new passwords.
  • Required password character classes - The number of required character classes in new passwords. This must be a number 1-4.
    • Character classes are lowercase letters, uppercase letters, numerals, and special characters.
  • Require multi-factor authentication (MFA) – Checking this box will require users to authenticate new Squish sessions using two methods. Users will be prompted to set up the second authentication method when logging in.
  • Require Single Sign On (SSO) – Only available if this add-on functionality has been purchased. Checking this box will require all accounts to authenticate via a configured SSO identity provider (IdP).
  • Allow Account Sign-ups – When this box is checked, new users will be able to request a Squish account from the login page. When the box is unchecked, the option to request a new account is disabled from the login page. Company Administrators can still manually create accounts when this box is unchecked.
  • Enforce email verification – Checking this box will require all users to verify their email address before accessing Squish.
  • Signup help text – A free text field which can be used to provide instructions on the company’s Login page.
  • Default timezone – Select a value to define the timezone user preference value that new accounts have by default. Can be overridden by a user setting.
  • Default date input format – Select a value to define the default date format that is used for new users when manually entering a field value or choosing a date via the date picker widget. Can be overridden by a user setting.
  • Default date display format – Select a value to define the default format in which dates are displayed for new users. Can be overridden by a user setting.
  • Default time display format – Select a value to define the default format in which times are displayed for new users. Can be overridden by a user setting.

company settings

  • User deactivation days – Inactive users will be deactivated after the number of days entered here. If this field has no value, inactive users are never deactivated. This applies only to account that login to the Squish website, not to web service or email-only accounts.
  • Default Session Expiration Time (hrs) -–The number of hours after which a user's session will expire. The value is defaulted to 0 and the user's session will be ended when the browser is closed.
  • "Remember me" session expiration time (days) – This setting determines the number of days a user may choose to remember their session when logging in. By default, this field is set to 14 days. Setting the value to 0 will disable the "Remember me" option when logging in.
  • Incorrect password attempts before lockout – The number of incorrect password attempts that a user can make before their account is locked. The default value is set to 0, which will not lock an account regardless of the number of incorrect attempts.
  • Password lockout time (minutes) – The number of minutes for which an account will be locked out after entering too many bad passwords. If the maximum number of attempts is not reached in that time, it becomes the number of minutes before the number of password attempts is reset to 0. The default value is 0, which will require an Administrator to manually unlock the account from the company’s Users page.
  • Password Reuse Policy – Enter an integer, 1-25. The integer represents the number of unique new passwords that must be associated with a user account before an old password can be reused. The default value is 5.

The people who are Company Administrators are listed under the Administrators header on the right side of the page.  Click the user's name to go to the screen to view or edit the information for that user.

SSO rules based on email suffix

This tool is only available for Squish Companies which have a subscription for SSO. Rules can be configured to enforce users with a particular email suffix to use a specific SSO identity provider. Only administrators creating or editing Squish accounts can access this tool. If no email domains/Identity Providers are entered when a user requests their own account, they may use any configured identity provider regardless of their email domain. 

To configure email suffix rules:

  1. Navigate to Admin > Settings from the Company home page.
  2. Select the link to Create rules for certain email suffixes at signup.
  3. Select Create new rule.
  4. Enter the email suffix that a rule will be created for. For example: @gmail.com.
  5. Choose an Identity Provider from the list of configured providers. If the correct provider is not listed, it can be configured from the Admin > SSO page.
  6. Alternatively, if no Identity Provider is selected, a Message can be entered that will be displayed to users signing up for an account with the specified email suffix. When combined with the Require Single Sign On (SSO) setting being checked, this will prevent users from signing up for an account. 
  7. Select Save.