
Documentation 8.7

Work session characteristics.

Configurable Properties

 

Authentication type

 

Defines the authentication method used by Deyel.

 

Name: AuthenticationType
Code: TP_AUTHENTICATION_LOGIN
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- Native (Default)
- LDAP
- Google
- Personalized
- Federated IDM
- Mixed
- Azure AD

 

 

Maximum inactivity time

 

Maximum inactivity time, expressed in minutes, to keep the user session active in the browser.

If that time is exceeded, the session expires and the user has to access the portal again.

To prevent sessions from expiring due to inactivity, set the value -1.

 

Name: MaximumIdleTime
Code: MAX_SESSION_INACTIVITY_TIME
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that sessions do not expire due to inactivity.
- It may contain numeric values that represent a number of minutes.

 

 

Allow multiple user sessions with the same browser

 

When this property is enabled, it is possible to maintain multiple work sessions, with different users, within the same browser.

 

Name: AllowMultipleSessions
Code: ALLOW_MULTISESSION
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- Yes
- No (Default)

 

 

Mixed authentication method

 

These properties are used to configure the mixed authentication mechanism.

They establish which authentication methods are enabled and the order in which they should be used.

 

There are 3 properties that work in a similar way:

 

First mixed authentication method

Second mixed authentication method

Third mixed authentication method

 

Name: AuthenticationMixta1, AuthenticationMixta2, AuthenticationMixta3
Code: AUTHENTICATION_MIXTA_1, AUTHENTICATION_MIXTA_2, AUTHENTICATION_MIXTA_3
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- Native
- LDAP
- Google
- Personalized
- Federated IDM
- Azure AD

 

 

When configuring the use of mixed authentication, the following should be validated:

- At least one of these properties is set.
- There are no repetitions in the established values.
- If any property assumes the value:
  - "Federated IDM", the "IDMAuthorizationCode" adapter is validated as published.
  - "LDAP", all LDAP-related properties are validated: LDAP - Server Connection, LDAP - User Search, LDAP - Attribute Synchronization.
  - "Google", all Google-related properties are validated.
  - "Personalized", all properties related to custom authentication are validated.
  - "Azure AD", the "Azure AD" adapter is validated as published.

The configuration can only be applied when all validations are correct.
 

 

Google authentication - OAuth credentials - Client identification

 

To use Google's authentication services, Deyel must present credentials that identify it as an OAuth 2.0 client.

This property sets the Client ID, which is part of those credentials.

 

It can only be configured in On-Premise environments.

 

 

Name: GoogleClientID
Code: GOOGLE_CLIENT_ID
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: Yes
Default Value: (empty)

 

 

 

Google authentication - OAuth credentials - Client Secret

 

To use Google's authentication services, Deyel must present credentials that identify it as an OAuth 2.0 client.

This property sets the Client Secret, which is part of those credentials.

 

It can only be configured in On-Premise environments.

 

 

Name: GoogleClientSecret
Code: GOOGLE_CLIENT_SECRET
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: Yes
Default Value: (empty)

 

 

 

Custom authentication

 

Name of the rule defined to run Custom authentication.

 

Name: CustomAuthentication
Code: CUSTOM_AUTHENTICATION
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Default Value: (empty)

 

 

 

The existence of the rule is validated when configuring the custom authentication type, or a mixed authentication that contains it.

If the rule exists, it is also validated to have the required input and output parameters.

 

 

Authorized domains to send user invitations

 

The email addresses to which invitations are sent must belong to one of the domains listed in this property. Several domains can be indicated, separated by semicolons. For example: 'mycompany.com ; optis.com'. If no value is set, invitations can be sent to any email address.

 

Name: AuthorizedDomains
Code: AUTHORIZED_DOMAINS
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values: They must be valid domain names. They can be separated by semicolons.
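The check described for AUTHORIZED_DOMAINS, as an added example that is not Deyel's own code. Exact, case-insensitive comparison of the part after the last "@" is an assumption, since the page does not say how domains are compared; the `naive_allowed` function is included only to show why a plain suffix test is not an equivalent check. The addresses are constructed.

```python
def parse_authorized_domains(value):
    """Split a semicolon-separated property value into a normalised set."""
    parts = (value or "").split(";")
    return {d.strip().lower().rstrip(".") for d in parts if d.strip()}


def invitation_allowed(email, property_value):
    """Return True when an invitation may be sent to `email`."""
    allowed = parse_authorized_domains(property_value)
    if not allowed:
        # Empty property: the page states that any address is accepted.
        return True
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return False  # not an address of the form local@domain
    return domain.lower().rstrip(".") in allowed


def naive_allowed(email, property_value):
    """Anti-pattern for comparison: suffix test with no label boundary."""
    domains = parse_authorized_domains(property_value)
    return any(email.lower().endswith(d) for d in domains)


SAMPLE_VALUE = "mycompany.com ; optis.com"  # example value from the page
SAMPLE_INVITES = [                           # constructed addresses
    "ana@mycompany.com",
    "bob@OPTIS.com",
    "eve@notmycompany.com",
    "eve@mycompany.com.example.net",
]


def review(invites=SAMPLE_INVITES, value=SAMPLE_VALUE):
    """Map each address to (exact-match result, suffix-test result)."""
    return {e: (invitation_allowed(e, value), naive_allowed(e, value))
            for e in invites}


if __name__ == "__main__":
    for email, (exact, naive) in review().items():
        print(f"{email:32} exact={exact!s:5} suffix={naive}")
```

The third address passes the suffix test but fails the exact comparison, which is the case to cover when testing any domain allow-list.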

 

 

Require password change

 

When a user uses 'Forgot your password' and logs in for the first time with the assigned password, Deyel may require a password change depending on the value of this property:

 

- Not Required - Deyel allows the user to continue using the assigned password.

- Optional - The password change screen is presented, prompting the user to update the password. The user can do so or choose to keep the assigned password.

- Required - The user is forced to change the password in order to continue.

 

Name: RequireChangePassword
Code: PASSWORD_CHANGE
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: Yes
Possible Values:
- Not Required (Default)
- Optional
- Required

 

 

Maximum duration of user session

 

Maximum duration of a user session, expressed in minutes. If that time is exceeded, the session expires and the user has to log in again. With the value -1, sessions do not expire.

 

Name: MaximumSessionDuration
Code: MAX_SESSION_EXPIRATION_TIME
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that sessions do not expire for a maximum time.
- It may contain numeric values that represent a number of minutes.

 

 

Maximum number of simultaneous sessions per user

 

Limits the number of simultaneous sessions that a user can have active. With the value -1, the number of sessions is unlimited.

 

Name: NumberofSimultaneousSessions
Code: MAX_SESSIONS_BY_USER
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that the number of simultaneous sessions is unlimited.

 

 

Maximum number of failed logins

 

Sets the maximum allowable number of failed authentications due to incorrect passwords. When the user exceeds this number of consecutive failed attempts, their account becomes inactive. If the value -1 is set, there is no limitation on the number of failed logins.

This control only applies when using the native authentication mechanism, in which Deyel is responsible for verifying the user's password.

 

Name: MaximumAmountOfFailedAccesses
Code: INVALID_PASS_ATTEMPTS
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that there is no limitation on the number of failed logins.

 

 

Maximum user locked time

 

An account locked because of failed logins stays locked for a maximum period of time, indicated in minutes in this property. After that time, the user can access again, provided they enter their password correctly.

 

If -1 is indicated then the account remains locked indefinitely until one of the planned unlocking mechanisms is executed:

 

- The security administrator activates the account again.

- The user receives an email with a link that allows them to activate their account again.

 

Name: MaximumUserLockoutTime
Code: MAX_USER_BLOQUED_TIME
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that the account remains blocked.

 

 

Password history

 

When the user registers their password, Deyel verifies that it is different from the previous N passwords.

The number N, defined in this property, can assume values between 0 and 100.

If 0 is indicated, then Deyel does not compare the new password with the previous ones. Repetitions are allowed.

 

Name: PasswordHistory
Code: PASSWORD_HISTORY
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- 0 (Default), indicates that the new password is not compared with previous ones, so repetition is allowed.
- N between 1 and 100.

 

This mechanism is applied when access passwords are managed by Deyel, using native authentication.

 

When the user enters a new password, Deyel verifies the following:

 

- If N=0, the new password is not compared with the previous ones.

- If N=1, the new password cannot be the same as the current one.

- If N>1, the new password cannot be the same as the current one, and neither can it be the same as the previous N-1 passwords.

 

For example, if N=3, the new password must be different from the current one and the 2 previous ones recorded in history.

 

When the password is invalid, the user receives a message “You have used that password previously. You must report a different one.”

 

To implement this control, Deyel keeps a history of all passwords used by the user. Values are kept in chronological order and encrypted in the database and are not accessible by the user.
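The N rule above, as an added example that is not Deyel's implementation. The page only says the history is kept encrypted; salted PBKDF2 hashes are used here as a stand-in, and the function names, the work factor and the sample passwords are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # kept low so the example runs quickly


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_entry(password):
    """Store a random salt and a derived hash, never the password itself."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def violates_history(new_password, history, n):
    """history is ordered oldest first; its last entry is the current password."""
    if not 0 <= n <= 100:
        raise ValueError("PASSWORD_HISTORY accepts values between 0 and 100")
    if n == 0:
        return False  # also avoids history[-0:], which would select every entry
    return any(hmac.compare_digest(_derive(new_password, salt), digest)
               for salt, digest in history[-n:])


def change_password(new_password, history, n):
    """Record the new password unless it repeats one of the last n entries."""
    if violates_history(new_password, history, n):
        return False
    history.append(make_entry(new_password))
    return True


def demo():
    # Constructed passwords, oldest first; "Spring-24" is the current one.
    stored = [make_entry(p) for p in ("Winter-23", "Autumn-23", "Spring-24")]
    return {
        "n0_current": change_password("Spring-24", list(stored), 0),
        "n1_current": change_password("Spring-24", list(stored), 1),
        "n1_previous": change_password("Autumn-23", list(stored), 1),
        "n3_oldest": change_password("Winter-23", list(stored), 3),
        "n2_oldest": change_password("Winter-23", list(stored), 2),
    }
```

Because each entry has its own salt, the new password has to be re-derived once per compared entry, so the cost of a change grows with N.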

 

 

Two-step authentication

 

When using native or custom authentication, it is possible to enable two-step authentication.

This property sets the desired behavior.

 

Name: TwoFactorAuthentication
Code: 2FA
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- Optional (Default)
- Required
- Not Enabled

 

 

Password expiration time

 

Indicates the number of consecutive days that must pass for a password to expire.

If the value -1 is specified, then passwords do not expire.

 

Name: PasswordExpirationTime
Code: PASSWORD_EXPIRATION_TIME
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that passwords do not expire.
- It may contain numeric values that represent a number of days.

 

This control is applied when using the native authentication, where passwords are managed by Deyel.

 

Each time the user sets a new password, the time at which this operation is performed is recorded and the expiration time can be calculated.

 

For example, if the value 1 is set, passwords that were set on a given day expire the day after.

 

 

Password expiration notification

 

Indicates the number of days in advance that users must be notified of the expiration of their password.

 

- If the value -1 is indicated, then no notification is issued.

- If a value other than -1 is specified, it is validated to be less than the value of the Password expiration time property.

 

The scheduled task Notify Password Expiration must be active.

 

Name: PasswordExpirationNotification
Code: PASSWORD_EXPIRATION_ALERT_TIME
Configuration Levels:
- Installation: Yes
- Application: No
- Organizational Unit: No
- User: No
- Dynamic: Yes
- Encrypted: No
Possible Values:
- -1 (Default), indicates that no notification is issued.
- It may contain numeric values that represent a number of days.
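A review script for the properties on this page, as an added example that is not part of Deyel. The property codes, defaults and the two validation rules (notification less than expiration, no repeated mixed methods) come from the page; the dict-of-strings input format, the use of display labels as stored values, applying the native and 2FA checks to mixed chains, and the choice of what counts as a finding are assumptions of this example.

```python
DEFAULTS = {  # defaults documented on the page
    "TP_AUTHENTICATION_LOGIN": "Native", "2FA": "Optional",
    "MAX_SESSION_INACTIVITY_TIME": "-1", "MAX_SESSION_EXPIRATION_TIME": "-1",
    "MAX_SESSIONS_BY_USER": "-1", "INVALID_PASS_ATTEMPTS": "-1",
    "PASSWORD_EXPIRATION_TIME": "-1", "PASSWORD_EXPIRATION_ALERT_TIME": "-1",
}
NO_LIMIT = {  # code -> effect of leaving the -1 sentinel in place
    "MAX_SESSION_INACTIVITY_TIME": "idle sessions never expire",
    "MAX_SESSION_EXPIRATION_TIME": "sessions have no maximum lifetime",
    "MAX_SESSIONS_BY_USER": "simultaneous sessions per user are unlimited",
}
MIXED_CODES = [f"AUTHENTICATION_MIXTA_{i}" for i in (1, 2, 3)]


def audit(props):
    """Return sorted (code, finding) pairs for one set of property values."""
    p = {**DEFAULTS, **{k: str(v).strip() for k, v in props.items()}}
    out = [(code, why) for code, why in NO_LIMIT.items() if p[code] == "-1"]
    auth = p["TP_AUTHENTICATION_LOGIN"]
    chain = [p[c] for c in MIXED_CODES if p.get(c)] if auth == "Mixed" else []
    methods = set(chain) or {auth}
    if auth == "Mixed" and not chain:
        out.append(("AUTHENTICATION_MIXTA_*", "no mixed authentication method is set"))
    if len(chain) != len(set(chain)):
        out.append(("AUTHENTICATION_MIXTA_*", "the same method is listed twice"))
    # Lockout applies only where Deyel verifies the password itself (native).
    if "Native" in methods and p["INVALID_PASS_ATTEMPTS"] == "-1":
        out.append(("INVALID_PASS_ATTEMPTS", "failed logins never lock the account"))
    # Two-step authentication is available for native or custom authentication.
    if methods & {"Native", "Personalized"} and p["2FA"] != "Required":
        out.append(("2FA", "two-step authentication is not mandatory"))
    expiry = int(p["PASSWORD_EXPIRATION_TIME"])
    alert = int(p["PASSWORD_EXPIRATION_ALERT_TIME"])
    if alert != -1 and alert >= expiry:
        out.append(("PASSWORD_EXPIRATION_ALERT_TIME",
                    "must be less than PASSWORD_EXPIRATION_TIME"))
    return sorted(out)


SAMPLE = {  # constructed values for illustration
    "TP_AUTHENTICATION_LOGIN": "Mixed", "AUTHENTICATION_MIXTA_1": "LDAP",
    "AUTHENTICATION_MIXTA_2": "Native", "AUTHENTICATION_MIXTA_3": "LDAP",
    "MAX_SESSION_INACTIVITY_TIME": "30", "2FA": "Required",
    "PASSWORD_EXPIRATION_TIME": "90", "PASSWORD_EXPIRATION_ALERT_TIME": "90",
}
```

Calling `audit({})` reports what an installation left entirely on the documented defaults would show; `audit(SAMPLE)` shows the two cross-property rules firing.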
