Authentication

How to set authentication settings

You can access it via Administration » Settings » Authentication.

With this option, you can set how long a user can stay logged in before the system automatically logs them out (saved password for access to the system).

Here you can set if a user can perform self-registration and how to do so:

  • activation by email - an activation link will be sent to the registered email
  • manual account activation - administrator must activate the user. Registered users can be filtered in the user list by status - registered
  • automatic activation - user is activated on the first login

You can add a self-registered user to an existing group automatically.

You may also allow OpenID login and registration.

 

Password policy

In More » Administration » Settings » Authentication » Password must include, you can enforce strong passwords for all users by defining the criteria a user password has to meet, such as an uppercase letter, a lowercase letter, a number, and a special character. The configured criteria are enforced automatically the next time a user changes their password or when a new user is created.

If an entered password does not meet any of these criteria, the following error appears.

Other enhancements for password enforcement can be set up in More » Administration » Settings » Authentication.

  • Minimum password length - enter the required number of characters
  • Unique password counter - the number of password changes after which a user can set the last password again
  • Required password after - the number of days after which the system asks a user to change their password

The following message appears a few days before password expiration if "Required password after" is configured.

However, notifications about password expiration can be turned off in the user profile.

 

Two-factor authentication

Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the users provide two authentication factors to verify they are who they say they are. 2FA can be contrasted with single-factor authentication (SFA), a security process in which the user provides only one factor - typically a password. To set it up, just go to More » Administration » Settings » Authentication » Two-factor authentication where you can configure the second factor - SMS or time-based one-time password (TOTP). For SMS, you need to set up your telephone number on the same page.

If TOTP is globally active, each user can find the option to enable or disable TOTP in their user profile, so that each user can customize the authentication process to their convenience.

To enable TOTP, you will be asked to scan the displayed QR code or enter the plain text into a TOTP app (e.g. Google Authenticator, Authy, Duo Mobile...). The app generates a verification key that you enter back into the respective form in the next step; TOTP is thereby verified and activated.

 

Corner situations

  • Q: I've configured two-factor authentication in settings to use TOTP. I enabled this scheme. In my account I tried to enable TOTP and tried using the Google Authenticator app. I couldn't verify with the code generated by the authenticator app. I also tried the Microsoft Authenticator app. Same problem.
    A: The problem was that our server didn't synchronize its clock with NTP. So the time on the server was different than the time on my phone.
  • If you use two-factor authentication (2FA) with the SMS scheme set as required, you have to be twice as careful that the SMS provider is set up correctly. Otherwise, the SMS will not be sent and you will not be able to log in.
