---
title: FAQs | Access Control
description: Frequently asked questions
documentId: access-control-faqs
locale: en-US
---

If you have a question that you believe should be included here, send us a suggestion using our [Ideas Portal](https://portal.productboard.com/hugmvkhl816puovqd9nnvslb).

## Security

<Accordions>
<Accordion title="After how long of inactivity is the user automatically disconnected?">
To meet compliance requirements with the PCI standard, inactive user sessions are automatically terminated after **15 minutes**.
</Accordion>

<Accordion title="What are the minimum security requirements for passwords?">
Passwords must contain:

- Uppercase and lowercase letters
- Numbers
- Special characters
- At least **12** characters

<Callout type="NOTE" title="NOTE">
Your new password must be different from the last four passwords used.
</Callout>

<Callout type="TIP" title="TIP">
See how to [change your password](/docs/en/edit-user#changing-password).
</Callout>
</Accordion>

<Accordion title="Why is a feature not available for my user, even after granting permissions?">
If you have already had permissions granted for a specific feature, but it is still not available or does not work as expected, the problem may be related to **additional permissions that have not been granted**.

Permission management is role-based.
Each user is associated with at least one role, and each role has a specific set of permissions.

Some features require permissions that go beyond that single resource.
This means that **even if you have permission to use a main feature, you may need other permissions** for everything to work correctly.

What to check:

- **Permissions:** it's possible that a feature needs access to data or actions that are controlled by permissions associated with **other** features.

**For example:** to access the API catalog, you may need not only permission for the catalog itself (an API Platform feature), but also the "Groups" permission from Access Control.

- **Roles:** make sure that the roles to which the user is associated include **all** the permissions necessary for the desired feature.

<Callout type="TIP" title="TIP">
See also: [Permissions](/docs/en/permissions).
</Callout>
</Accordion>

## User configuration

<Accordion title="What do I do when the new user activation link expires?">
When a new user is added to the system, or when an existing user requests the reactivation of their account, an email is sent with an activation link.

This link has a limited time for use: **48 hours**.

If the link expires before the user activates or reactivates their account, contact the environment administrator so they can proceed with [account activation](/docs/en/edit-user#activate-or-deactivate-user).
</Accordion>

<Accordion title="Why are some federated login providers disabled for configuration?">
If a federated login provider is already configured in your environment, the other providers will appear disabled for configuration.

This happens because each environment allows only **one active provider at a time**.

To configure another provider, you must deactivate the currently active provider: click the card to edit it and then click **Delete Login**.

<Callout type="WARNING" title="WARNING">
When deleting a federated login provider, all users linked to it will be permanently deleted automatically and without warning.
It is not possible to recover this data after deactivation.
</Callout>

![Screen with only one active login provider](https://creative-ball-51b3fc85c0.media.strapiapp.com/faqs_federated_login_1fa7dbbf17.png)
</Accordion>
</Accordions>