
Authentication

Introduction

iPassport allows each account to customise their password complexity settings to force users to include a non-alphanumeric character, number or uppercase letter in their passwords. The settings can be found in ‘User Logon Settings’.

When a user is changing their password the system will notify them if their new password does not match the requirements. After the password preferences have been changed, the system will also inform users when they log into the system if their password does not match the new requirements and will prompt them to update it.

User Logon Settings

Navigate to Administration -> Settings -> System Settings -> User Logon Settings.

  • ‘Block re-use of previous password’. When checked, this ensures that a user can never reuse a password that they have previously used within iPassport.

  • ‘Lockout period (in minutes) after maximum failed consecutive logins reached’. If a ‘Maximum consecutive failed logins before locking user account’ value is set, the admin can define here how long a user is locked out, after reaching the maximum number of failed logins, before they are allowed to try again.

  • ‘Login Strategy’ sets which strategy will be used to log users in. This applies to the whole account.

  • ‘Maximum consecutive failed logins before locking user account’ sets how many consecutive failed logins a user can make before being locked out of the system. If a lockout period is set, the system will unlock the user’s account after this time has passed, or an admin can unlock the user.

  • ‘Minimum Password Length’ is used to configure the minimum number of characters in a user’s password.

  • ‘Password Expires after (days)’ is used to force users to change their passwords after a given number of days. Use 0 if the password should never expire.

  • ‘Password should include a non alphanumeric character’ forces the user’s password to contain at least one special character (@&<= etc).

  • ‘Password should include a number’ forces a user’s password to contain at least one number.

  • ‘Password should include an uppercase letter’ forces a user to have at least one uppercase letter in their password.
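
How the two lockout settings above interact, as an added Python model (not iPassport code). The class and function names are hypothetical, the timestamps are constructed, and it assumes that a successful login resets the consecutive-failure count and that an unset lockout period means only an admin can unlock.

```python
from datetime import datetime, timedelta

class LogonGuard:
    """Toy model of the two lockout settings; hypothetical, not iPassport code."""

    def __init__(self, max_failed, lockout_minutes=None):
        self.max_failed = max_failed            # 'Maximum consecutive failed logins ...'
        self.lockout_minutes = lockout_minutes  # 'Lockout period (in minutes) ...'; None = not set
        self.failed = 0
        self.locked_at = None

    def admin_unlock(self):
        """An admin with the Enable/Disable permission unlocks the user."""
        self.failed, self.locked_at = 0, None

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        if self.lockout_minutes is not None:
            if now >= self.locked_at + timedelta(minutes=self.lockout_minutes):
                self.admin_unlock()  # lockout period has passed: same effect as an unlock
                return False
        return True  # no period set: stays locked until an admin unlocks

    def attempt(self, password_ok, now):
        if self.is_locked(now):
            return "locked"          # a correct password is refused while locked
        if password_ok:
            self.failed = 0          # assumption: a success resets the consecutive count
            return "ok"
        self.failed += 1
        if self.failed >= self.max_failed:
            self.locked_at = now
            return "locked"
        return "failed"

def replay(guard, events):
    """events: (minutes after a constructed start time, password_ok) pairs."""
    start = datetime(2024, 1, 1, 9, 0)  # constructed timestamp
    return [guard.attempt(ok, start + timedelta(minutes=m)) for m, ok in events]

# Constructed sample: two failures, a success, three failures, then two retries.
EVENTS = [(0, False), (1, False), (2, True), (3, False), (4, False),
          (5, False), (10, True), (20, True)]

if __name__ == "__main__":
    print(replay(LogonGuard(max_failed=3, lockout_minutes=15), EVENTS))
    print(replay(LogonGuard(max_failed=3), EVENTS))
```

With a 15-minute period the last retry succeeds; with no period set it is still refused until `admin_unlock()` is called.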


Unlocking Users

Permission required: ‘User Accounts: Enable/Disable’ - Allow a user to enable and disable user accounts.

If a user is locked out, an admin with the permission above can unlock them by navigating to Administration -> Users -> Search Users and setting the ‘Filter Locked/Not locked’ filter to ‘Locked’.


To unlock a user, click ‘Locked Out (Click to Unlock)’ in the ‘Current Activity’ column. The system will ask the admin to confirm that they want to unlock the user; click ‘OK’ and a green banner will appear confirming that the user is now unlocked.


Two Factor Settings

Two factor authentication adds an additional level of security to guard against password theft. When logging into iPassport, in addition to entering a username and password, users will be sent a code via email. Copy and paste this code into the field in order to access the system.

When using two factor authentication, the admin can choose to require code validation each time a user logs in, or to require it only after a set number of days. For example, the admin could ask their users to verify their identity using the email code once a week. The rest of the time they would log in normally.

To enable this feature, navigate to Administration -> Settings -> System Settings -> User Logon Settings -> ‘Login Strategy’ dropdown field and select ‘2-Factor Authentication Login’.

Navigate to Administration -> Settings -> System Settings -> Two Factor Settings.

  • ‘Max Attempts’ sets how many times a user can incorrectly enter the verification code before their account is locked.

  • ‘Remember Second Factor For (days)’ specifies the number of days before the user is asked to provide a second factor code again. The user will not have to enter a second factor code between logins for this number of days. Only their login and password will be required.

If the admin changes this value, the new setting will only take effect when the original period expires. For example, if this was set to 30 days then users will be asked to enter a second factor code once and then 30 days later and so on. If the admin then changes this value to 5 days, any user who has already entered a code will not be asked again for 30 days. The new 5-day period will take effect when they are next asked to enter a code.

  • ‘Second Factor Code Length’ specifies the number of digits in the second factor code sent to a user.
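
The delayed effect of changing ‘Remember Second Factor For (days)’, worked through in Python as an added example (not iPassport code). Function names are hypothetical, the dates are constructed, and the model assumes a user who logs in every day and a remember period of at least one day.

```python
from datetime import date, timedelta

def days_in_force(on_day, initial_days, changes):
    """Value of 'Remember Second Factor For (days)' on a given day."""
    days = initial_days
    for changed_on, new_days in sorted(changes):
        if changed_on <= on_day:
            days = new_days
    if days < 1:
        raise ValueError("this model needs a remember period of at least 1 day")
    return days

def prompt_dates(first_code, initial_days, changes, horizon_days):
    """Dates on which a user who logs in every day is asked for a code.

    The remember window is fixed when a code is entered, so an admin edit
    only affects windows that start after the edit.
    """
    end = first_code + timedelta(days=horizon_days)
    prompts, day = [], first_code
    while day <= end:
        prompts.append(day)
        day += timedelta(days=days_in_force(day, initial_days, changes))
    return prompts

def lag_days(last_code, days_then, changed_on):
    """Days between an admin edit and the user's next prompt under it."""
    return max((last_code + timedelta(days=days_then) - changed_on).days, 0)

# Constructed scenario modelled on the text: 30 days, changed to 5 days.
# The edit date (10 days after the first code) is an assumption.
START = date(2024, 1, 1)
CHANGES = [(date(2024, 1, 11), 5)]

if __name__ == "__main__":
    for d in prompt_dates(START, 30, CHANGES, horizon_days=45):
        print(d.isoformat())
    print("edit reaches this user after", lag_days(START, 30, CHANGES[0][0]), "days")
```

In this scenario the shorter period does not reach the user until 20 days after the admin saves it, which matters when the value is being tightened for security reasons.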


LDAP Configuration

Navigate to Administration -> Settings -> System Settings -> LDAP Configuration

If LDAP is already in use for other services it’s very easy to configure iPassport to also authenticate users.

  • ‘LDAP Server Address’ is your LDAP domain name/IP address.
  • ‘LDAP Server Port’ is your server’s port number.
  • ‘Authentication Method’ is how login details are sent to the server. The ‘Plain’ method sends the user name and password in plain text, whereas the other two options encrypt the information.
  • ‘LDAP Base’ is the base that will be added to user lookup when performing authentication.
  • ‘Authentication User Key’ is the unique user identifier in iPassport.

Please contact Genial Compliance (support@genialcompliance.com) before implementing this feature.


SAML/ADFS

Navigate to Administration -> Settings -> System Settings -> SAML Configuration

Please contact Genial Compliance (support@genialcompliance.com) for more information on this feature.
