5. Site Administration-Security

Only users that were assigned an admin profile can access to this Site Administration-Security page.

This functionality allows the site administrator to configure the advance security rules for the qTest site instance. These configurations are optional and can be disabled at any time.

From the Site Administration page, click on SECURITY tab to access the Site Administration-Security page.


»Account Login Management

»Audit Log

»Mail Recipients Management

Account Login Management

The first check-box is used to enable/disable the rule setup regarding to password update. Once this check-box is checked, three followning subsequent options MUST NOTbe empty:


  • First option: specify the number of days after which users are notified to change password since the date the current password was set.;
  • Second option: determines the number of days ;after which accounts with unchanged passwords are deactivated since the date the current password was set. For example, if the first field's value is 75 and the second field's value is 95, it means that after after 75 days since users set your current password, the system will then send notifications to users to request password update for the next 15 days until the password is changed. After 15 days of pending, if password is still not updated, the associated account will be deactivated. The second  value MUST be greater than the first value, otherwise a red notification will be displayed.
  • Third option: dictates the number of distinct consecutive passwords that users can possess. For example, if the third option's value is 8, the first 8 passwords that users set for their accounts MUST be different from each other but the ninth password can be identical to any of the first 8 ones. The subsequent cycles of 8 distinct consecutive passwords continue on in such manner.

The second check-box is utilized to enable/disable the rule setup with respect to valid login attempts. Once this check-box is checked, the associated text field MUST NOT be empty and greater than 0.


The value of this option defines the number of valid login attempts with invalid passwords. For example, if this value is 5, it means that after 5 consecutive login attempts with invalid passwords, users' accounts will be deactivated.

Upon the security rule being set, when the accounts are deactivated, only site admin has the authority to re-activate those accounts. After input all the necessary values, the site admin should click on Save button to make them workable.

Audit Log

qTest Manager tracks some key events for security purposes. You can export the audit logs to csv following the step below:

  1. Select the date range of the tracked events included in the exported file


    • qTest Manager starts tracking the event from the release of 8.4.6 (May 24th). Before that, there is no audited data, this is why you can only export data from May 24th and afterwards
    • Audit logs are retained up to one year
  2. Select which event types are included in the exported file
  3. Click Export button to download the csv file

Mail Recipients Management

The site admin can manage which external emails qTest is able to send to, using semicolon (;) to separate them. External emails are ones that are not associated with any active qTest users.

qTest notification emails, user invitation emails and other emails which are sent to qTest users are not blocked.