Excerpt | ||
---|---|---|
| ||
Learn how you can configure User Authentications |
What does this section cover?
Table of Contents | ||
---|---|---|
|
What is User Authentication?
User authentication settings are used to define the password policy for accessing CRM.COM Software, i.e. the criteria that passwords must conform with. The password policy is taken into consideration whenever a new password for an existing or new user is set. If user authentication settings are not configured in the system, then only super users can access the system.
In addition use the settings to define how many failed login attempts a user can perform within a period of time before they result to a specific lockout time. During this lockout time, the user will not be able to login, even if the correct credentials are provided.
Additionally using User Authentication you have the option to define whether authentication of users at login will be done using CRM.COM authentication or LDAP/Active Directory authentication.
Authentication settings are also used to define IP addresses from which users can access CRM.COM or IP addresses from which users can never access CRM.COM. Each IP Authorization Rule has a set of restrictions which represents the Allowed and Denied IP Addresses. An IP Address restriction can either be a specific IP address, a range of IP Addresses or an IP Address Pattern. Each IP Authorization Rule also has a set of Conditions which defines the set of users for which the rule is applied. This set of conditions includes Users, Units, Groups or Communities in any required combination. Multiple IP Authorization Rules can be configured and used but only as long as they are in Active state.
Creating, Editing & Deleting Validations & Restrictions
Action | Validations | Restrictions |
---|---|---|
General |
|
|
Create |
|
|
Edit |
|
|
Delete |
|
|
User Authentications attributes
Name | Description | ||||||
---|---|---|---|---|---|---|---|
PASSWORD POLICY | |||||||
Minimum length* | The minimum required length of the password | ||||||
Minimum number of alphabetical characters (a-z)* | The minimum number of alphabetical characters (a-z) that should be included in the password | ||||||
Minimum number of integers (0-9)* | The minimum number of integers (0-9) that should be included in the password | ||||||
Minimum number of other (special) characters* | The minimum number of special characters that should be included in the password | ||||||
AUTHENTICATION POLICIESPOLICY
| |||||||
Use CRM.COM Active Directory/LDAP Authentication | Defines whether a user's credentials kept in CRM.COM will be used during the user's authentication or Active Directory/LDAP settings will be used during the authentication process. | ||||||
Server Type* | Defines whether authentication will be performed based on Active Directory or /LDAP | ||||||
Domain* | The domain of the Active Directory server | ||||||
URL* | Host name of the machine where the directory is installed | ||||||
Port* | Port number of the directory server | ||||||
Username* | A valid username of a user with authority to connect to the Active Directory Server | ||||||
Password* | The valid password of the user with authority to connect to the Active Directory Server | ||||||
Search base | Indicates where in the LDAP directory you wish to begin the search | ||||||
Use SSL | Defines whether an SSL connection will be used | ||||||
Password ageing warning (in days) | Defines the number of days prior which the user will be notified through CRM.COM about his/her password expiration in Active Directory | ||||||
INVALID AUTHENTICATION POLICIESPOLICY
| |||||||
Maximum allowed invalid login attempts |
| ||||||
Lock-out Time After Invalid Login Attempts (in Minutes) | Defines the user lock-out time (in minutes) after the maximum allowed login attempts were made in a specific period of time | ||||||
IP AUTHORIZATION RULES
| |||||||
State | The IP Authorization Rule's state which can either be Active or Inactive. By default the State is set to Inactive. Only Active IP Authorization Rules are evaluated and applied. | ||||||
IP Addresses Restrictions | Defines a list of IP Addresses from which users are allowed or denied access to CRM.COM. At least one IP address must be specified. | ||||||
Applied to Organisational Units | Defines the conditions that should be met in order for the IP Authorization Rule to be applied. The conditions include Users and Organizational Units. If no conditions are defined, then the IP Authorization Rule is applied for all Users and Organizational Units. |
Defining your own User Authentications tailored to your company's needs
- Navigate to FOUNDATION > USER MANAGEMENT > SET UP USER AUTHENTICATION SETTINGS
- Click on EDIT
PASSWORD POLICY
- Update the information as required to set up password formatting restrictions
AUTHENTICATION POLICY -
Status colour Red title Available from CRM.COM R9 - Use CRM.COM Authentication: Check the box to enable the rest of the settings
Server Type: Select from the drop down list between Active Directory and /LDAP
- Provide the rest of the information according to the server type Active Directory you would like to integrate withto import users from
When setting up Authentication Policy you will need to logout and login again before the changes take effect.
Check out Testing Active Directory/LDAP connection
INVALID AUTHENTICATION POLICY -
Status colour Red title Available from CRM.COM R9 - Provide the information required with regards to handling invalid login attempts
IP AUTHORIZATION RULES -
Status colour Red title Available from CRM.COM R9 - Click on ADD to add a new rule
You can add multiple rules - Click on the rule you added, from the panel list to select and define the rules and condition:
- State: Select if the rule will be Active or Inactive
- IP Addresses Restrictions: Add the IP Addresses
- Applied to Organisational Units:
- Click on "ADD" and select between
- UNIT
- USERS
- Use the Search modal to select the Organisational unit you would like to add.
- You can select any type of Organisational unit according to the restrictions that you would like to set or none at all.
- Click on "ADD" and select between
- Click on ADD to add a new rule
- From the Actions Menu click on SAVE
You will be required to logout and login again, for the settings to be applied
Anchor | ||||
---|---|---|---|---|
|
Once you configure Authentication Policy and you save the Settings you should check Active Directory/LDAP connection. To do so follow the steps below
- From the Action Menu click on ACTIONS > TEST CONNECTION
- The system will show a message whether the connection test is successful or failed
Deleting User Authentications
You cannot delete a user authentication record
Panel | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
Related Areas
|
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Popular Labels
|