So that you don't have to change the same setting every time you create an account, you can change some of the defaults on the accounts organisation preferences page.
Many of the options are about the account activationlifecycle:
- Would you like to change from the recommended account activation process and always specify a password?
- Will the default login by email address option be yes or no?
- If you are using account activation, do you want to send the user an email with an activation code?
- How long are activation codes valid for? (1 - 365 days)
- When will the account expire? (1 - 60 months after it is created, does not affect some custom self-registration schemes)
- Should a warning email be sent to the account holder before their account expires or not (sent at two and four weeks before expiry)
- How long after an account expires should it be automatically deleted? (0 - 365 days)
- Whether federated resources will get a response if they are not specified in permission sets
Permissive mode (default) means that the system will pass attributes to any federated resource that a user tries to access. In normal operation the resource would then decide whether or not to let the user in based on the attributes that had been passed. This is how federated access management is designed to work.
Restrictive mode means that the system OpenAthens will block access attempts to federated resources that are not specified in permission sets. Its intended use is in situations where a resource is not operating according to standards - e.g. they have decided that it is up to you to not send them any response for users that should not have access. The service provider may still deny access.
This setting will also have an impact on statistics. A statistic is logged whenever attributes are passed to a resource and restrictive mode will stop those attributes being passed to unspecified resources. In permissive mode, statistics give you a record of all the things your users want to access; in restrictive mode, statistics give you a record only of the things that they should be able to access. Both have their benefits.