Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
hiddentrue

Learn how you can configure User Authentications

What does this section cover?

Table of Contents
minLevel2

What is User Authentication?

User authentication settings are used to define the password policy for accessing CRM.COM Software, i.e. the criteria that passwords must conform with. The password policy is taken into consideration whenever a new password for an existing or new user is set. If user authentication settings are not configured in the system, then only super users can access the system.

In addition use the settings to define how many failed login attempts a user can perform within a period of time before they result to a specific lockout time. During this lockout time, the user will not be able to login, even if the correct credentials are provided.

Additionally using User Authentication you have the option to define whether authentication of users at login will be done using CRM.COM authentication or LDAP/Active Directory authentication. 

Authentication settings are also used to define IP addresses from which users can access CRM.COM or IP addresses from which users can never access CRM.COM. Each IP Authorization Rule has a set of restrictions which represents the Allowed and Denied IP Addresses. An IP Address restriction can either be a specific IP address, a range of IP Addresses or an IP Address Pattern. Each IP Authorization Rule also has a set of Conditions which defines the set of users for which the rule is applied. This set of conditions includes Users, Units, Groups or Communities in any required combination. Multiple IP Authorization Rules can be configured and used but only as long as they are in Active state.

Creating, Editing & Deleting Validations & Restrictions

ActionValidationsRestrictions
General
  • Not Applicable
  •  If user authentication settings are not configured in the system, then only super users can access the system. all information is considered as mandatory.
  • Only 1 password policy can be set in the system
Create
  • All mandatory fields must be provided
  • Not Applicable
Edit
  • All mandatory fields must be provided
  • Not Applicable
Delete
  • Not Applicable
  • You cannot delete a user authentication record

User Authentications  attributes 

Name

Description

PASSWORD POLICY
Minimum length*The minimum required length of the password
Minimum number of alphabetical characters (a-z)*The minimum number of alphabetical characters (a-z) that should be included in the password
Minimum number of integers (0-9)*The minimum number of integers (0-9) that should be included in the password
Minimum number of other (special) characters*The minimum number of special characters that should be included in the password

AUTHENTICATION POLICY

Status
colourRed
titleAvailable from CRM.COM R9

Use Active Directory/LDAP Authentication

Defines whether Active Directory/LDAP settings will be used during the authentication process.

Server Type*

Defines whether authentication will be performed based on Active Directory/LDAP

Domain*

The domain of the Active Directory server

URL*

Host name of the machine where the directory is installed

Port*

Port number of the directory server

Username*

A valid username of a user with authority to connect to the Active Directory Server

Password*

The valid password of the user with authority to connect to the Active Directory Server

Search base

Indicates where in the LDAP directory you wish to begin the search

Use SSLDefines whether an SSL connection will be used
Password ageing warning (in days)Defines the number of days prior which the user will be notified through CRM.COM about his/her password expiration in Active Directory

INVALID AUTHENTICATION POLICY

Status
colourRed
titleAvailable from CRM.COM R9

Maximum allowed invalid login attempts

  • Maximum Allowed Invalid Login Attempts: Defines the maximum allowed invalid login attempts for all users in combination with
  • Invalid Login Attempts Every X Minutes: The period, in minutes, during which the user will make these failed login attempts 
    which will result in user lockout period.

Lock-out Time After Invalid Login Attempts (in Minutes)

Defines the user lock-out time (in minutes) after the maximum allowed login attempts were made in a specific period of time

IP AUTHORIZATION RULES

Status
colourRed
titleAvailable from CRM.COM R9

IP Authorization Rules are used to define IP addresses from which users can access CRM.COM or IP addresses from which users can never access CRM.COM. Each IP Authorization Rule has a set of restrictions which represents the Allowed and Denied IP Addresses. An IP Address restriction can either be a specific IP address, a range of IP Addresses or an IP Address Pattern. Each IP Authorization Rule also has a set of Conditions which defines the set of users for which the rule is applied. This set of conditions includes Users, Units, Groups or Communities in any required combination. Multiple IP Authorization Rules can be configured and used but only as long as they are in Active state.

State

The IP Authorization Rule's state which can either be Active or Inactive. By default the State is set to Inactive. Only Active IP Authorization Rules are evaluated and applied.

IP Addresses Restrictions

Defines a list of IP Addresses from which users are allowed or denied access to CRM.COM. At least one IP address must be specified.

Applied to Organisational UnitsDefines the conditions that should be met in order for the IP Authorization Rule to be applied. The conditions include Users and Organizational Units. If no conditions are defined, then the IP Authorization Rule is applied for all Users and Organizational Units.

Defining your own User Authentications  tailored to your company's needs

  1. Navigate to FOUNDATION > USER MANAGEMENT > SET UP USER AUTHENTICATION SETTINGS 
    USER AUTHENTICATION SETTINGS
  2. Click on EDIT
  3. PASSWORD POLICY

    1. Update the information as required to set up password formatting restrictions
  4. AUTHENTICATION POLICY - 
    Status
    colourRed
    titleAvailable from CRM.COM R9

    1. Use CRM.COM Authentication: Check the box to enable the rest of the settings
    2. Server Type: Select from the drop down list Active Directory/LDAP

    3. Provide the rest of the information according to the Active Directory you would like to import users from
      When setting up Authentication Policy you will need to logout and login again before the changes take effect. 
      Check out Testing Active Directory/LDAP connection 
  5. INVALID AUTHENTICATION POLICY - 
    Status
    colourRed
    titleAvailable from CRM.COM R9

    1. Provide the information required with regards to handling invalid login attempts
  6. IP AUTHORIZATION RULES - 
    Status
    colourRed
    titleAvailable from CRM.COM R9

    1. Click on ADD to add a new rule
      You can add multiple rules
    2. Click on the rule you added, from the panel list to select and define the rules and condition:
      1. State: Select if the rule will be Active or Inactive
      2. IP Addresses Restrictions: Add the IP Addresses
      3. Applied to Organisational Units:  Setting Allowed Organisation Units - GlobalSetting Allowed Organisation Units - Global
          Include Page
          1. Click on "ADD" and select between
            1. UNIT
            2. USERS
          2. Use the Search modal to select the Organisational unit you would like to add.
          3. You can select any type of Organisational unit according to the restrictions that you would like to set or none at all.
    3. From the Actions Menu click on SAVE
    4. You will be required to logout and login again, for the settings to be applied

    Anchor
    TEST
    TEST
    Testing Active Directory / LDAP Connection

    Once you configure Authentication Policy and you save the Settings you should check Active Directory/LDAP connection. To do so follow the steps below

    1. From the Action Menu click on ACTIONS > TEST CONNECTION
      TEST AUTHENTICATION POLICY SETTINGS 
    2. The system will show a message whether the connection test is successful or failed

    Deleting User Authentications

    You cannot delete a user authentication record

Panel
namegrey

Related Areas

Filter by label (Content by label)
showLabelsfalse
spacesV4Manual
showSpacefalse
excerpttrue
labelsuser-management-basics-r7,user-management-advanced-r7,user-management-admin-r7

Panel
namegrey

Popular Labels

Popular Labels
spaceKeyV4Manual
styleheatmap