Enable Security Settings for Logins, Passwords, and Session Timeout Intervals

If you are your company's Procore Administrator, or if your Procore user account has been granted 'Admin' level permissions to the Company level Admin tool, you can submit a request to modify select security settings for the your company's Procore account. You can request to enable settings for locking out users after failed login attempts, password expiration policies, and a timeout interval for idle user sessions. Requests to change security settings must be submitted to your Procore point of contact.

• Required User Permissions:

  • 'Admin' on the company's Admin tool.

• Additional Information:

  • For new company accounts, the settings below are configured during the Procore Implementation Process.

  • For existing company accounts, a user with the appropriate permissions must submit a request to your Procore point of contact.

• Limitations:

  • These are company-wide settings. They cannot be applied on a per-project or per-user basis.

Step 1: Request to Enable Security Settings

If you want to make changes to your company's security settings, a user with 'Admin' level permission to the company's Admin tool can email a request to your Procore point of contact.

Step 2: Review Your Company Account's Current Security Settings

1. Navigate to the Company level Admin tool.

2. Under Company Settings, click General Settings, and scroll down to Security Settings.
   

   

3. Ask your Procore point of contact to configure the settings you want:

   • Lock Out After 3 Failed Sign In Attempts Show/Hide Details

     This setting controls how many times a user can enter an incorrect password before being logged out:

     • ON: Procore restricts access after three (3) failed attempts to help prevent unauthorized access.

     • OFF: There is no limit on the number of login attempts.

   • Password Expiration Show/Hide Details

     Set how often users must update their passwords.

     • Never. Password remains valid indefinitely.

     • 30 Days. Require a monthly password update.

     • 60 Days. Require a bi-monthly password update.

     • 90 days. Require a quarterly password update.

   • Session Timeout Interval Show/Hide Details

     Help to keep account access secure by setting a timeout interval to log users out after a period of inactivity. Procore displays a warning message before their session timeout, allowing them to respond to stay logged in.

     Session Idle Timeout Threshold	Description	Warning Message Displays at
     No Timeout	This is Procore's default setting.	N/A
     15 minutes	Ends the user's session after 15 minutes of inactivity.	5 minutes before timeout
     30 minutes	Ends the user's session after 30 minutes of inactivity.	10 minutes before timeout
     60 minutes	Ends the user's session activity after 60 minutes of inactivity	10 minutes before timeout
     120+ minutes	Ends the user's session activity after 120 minutes of inactivity	20 minutes before timeout

   • Enforce Password Resets via Email Show/Hide Details

     Determine how users are permitted to manage their password updates within the system:

     • Email Only (Setting is set to Yes): Users must use the link in the email notification to reset their own passwords.

     • Email & Profile (Setting is set to No): Users can reset their own passwords by email or directly in their My Profile Settings page.