![\"Breadcrumbs](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/config-settings-hide-ous.png\")
However, by checking the Hide Organizational Units that a user doesn\u2019t have permission to access<\/strong> box these containers will no longer appear in the breadcrumbs, instead only the containers that the user has permission to read will be shown.<\/p>\n\n\n\n If unchecked, any user with permission to read computer passwords (with or without authorisation) can set up notifications for events occuring in a container (such as other users reading a computer\u2019s password). By checking this box, they will only be allowed to do this if they also have permission to view the History page.<\/p>\n\n\n\n By default, requests to view a computer\u2019s password which have been authorised will expire 24 hours (1440 minutes) after the password is viewed by the Requestor. This means that if the Requestor attempts to view the password again after this time has passed they will need to submit another request.<\/p>\n\n\n\n This grace period can be removed by changing this value to \u201c0\u201d which will cause the request to expire immediately when the user views the password, meaning that any subsequent attempts will require a new Authorisation Request.<\/p>\n\n\n\n This does not prevent a user from keeping the view password window open but will stop them from re-opening it once the expiry period has passed.<\/p>\n\n\n\n Change this value (shown in minutes) to specify how long Authorisation Requests are kept before they are automatically cleaned up (deleted). This defaults to 1440 minutes (24 hours).<\/p>\n\n\n\n Authorisation Requests older than this will be deleted regardless of their status.<\/p>\n\n\n\n By default, when a user submits an Authorisation Request to view or expire a computer\u2019s password, the request is emailed to all users marked as an Authorisor for that container. This option allows you to also send a copy of the request to another email address, such as a shared mailbox.<\/p>\n\n\n\n You can combine this with the Do not email Authorisers individually<\/strong> checkbox to only use this address to send requests to.<\/p>\n\n\n\n If checked, users with the permission to authorize requests will not be emailed when a request is made. This can be used in combination with the above setting to use a shared mailbox for request authorization.<\/p>\n\n\n\n Setting this option makes it so that nominated Authorisers cannot authorise their own Authorisation Requests and must get someone else to allow or deny it.<\/p>\n\n\n\n Select whether Authorisation Request emails are formatted as a Summary<\/strong> (the number of pending requests that the recipient has outstanding), or Detailed<\/strong> (which includes a full list of requests).<\/p>\n\n\n\n By default, when a user enables Two Factor Authentication (2FA), OVERLAPS will identify itself in their Authenticator app as \u201cOVERLAPS\u201d. However, if you are running more than one OVERLAPS server, this can become confusing.<\/p>\n\n\n\n Changing this setting allows you to specify a custom identifier that will be used whenever a user enables 2FA. Note that this only works when using the QR code to register OVERLAPS in an authenticator app as the manual code allows users to enter any text as the identifier.<\/p>\n\n\n\n If this option is checked, the next time any user without 2FA enabled logs in they will be prompted to enable it and given a QR Code to enter into their Authenticator app. Once done, they will then be required to enter a code from that app before they can complete the login.<\/p>\n\n\n\n Any users without an access to an authenticator app will be unable to login if this option is enabled.<\/p>\n\n\n\n Set how long (in days) a device will be remembered when the user selected the \u201cRemember this Device\u201d option when completing a 2FA login. Once this period has expired the user will be required to enter a 2FA code again. This is 30 days by default, and can be set to any value between 1 and 90 days.<\/p>\n\n\n\n Enable or disable which TOTP authenticator apps are suggested to users when they go to enable Two Factor Authentication.<\/p>\n\n\n\n If the Authenticator app used by your company is not shown in the list above you can add it yourself by supply its name, and a link to where it can be downloaded on either the Apple App Store and\/or the Google Play Store.<\/p>\n\n\n\nNotifications Require \u201cView History\u201d Permission<\/h3>\n\n\n\n
Authorisation Requests<\/h3>\n\n\n\n
Authorisation Request Expiry<\/h4>\n\n\n\n
Authorisation Request Maximum Age<\/h4>\n\n\n\n
Send a copy of all Authorisation Requests to this email address<\/h4>\n\n\n\n
Do not email Authorisers individually<\/h4>\n\n\n\n
Prevent Authorisers from Authorising their own Requests<\/h4>\n\n\n\n
Authorisation Request Email Format<\/h4>\n\n\n\n
Two Factor Authentication Settings<\/h3>\n\n\n\n
OVERLAPS Identification for Authenticator Apps<\/h4>\n\n\n\n
Enforce Two Factor Authentication for All Users<\/h4>\n\n\n\n
Maximum Days to Remember Devices<\/h4>\n\n\n\n
Recommended Authenticator Apps<\/h4>\n\n\n\n
Custom Authenticator App<\/h4>\n\n\n\n