Work Session
Work session characteristics.
Configurable Properties
Defines the authentication method used by Deyel.
Name | AuthenticationType
Code | TP_AUTHENTICATION_LOGIN
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | •Native (Default) •LDAP
Maximum inactivity time, expressed in minutes, to keep the user session active in the browser.
If that time is exceeded, the session expires and the user has to access the portal again.
The value -1 must be indicated so that the session does not expire.
Name | MaximumIdleTime
Code | MAX_SESSION_INACTIVITY_TIME
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | -1 (Default), indicates that sessions do not expire due to inactivity. It may contain numeric values that represent a number of minutes.
Allow multiple user sessions with the same browser
When this property is enabled, it is possible to maintain multiple work sessions, with different users, within the same browser.
Name | AllowMultipleSessions
Code | ALLOW_MULTISESSION
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | •Yes •No (Default)
These properties are used to configure the mixed authentication mechanism.
They establish which authentication methods are enabled and the order in which they should be used.
There are 3 properties that work in a similar way:
•First Mixed Authentication Method
•Second Mixed Authentication Method
•Third Mixed Authentication Method
Name | AuthenticationMixta1, AuthenticationMixta2, AuthenticationMixta3
Code | AUTHENTICATION_MIXTA_1, AUTHENTICATION_MIXTA_2, AUTHENTICATION_MIXTA_3
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | •Native •LDAP •Personalized •Federated IDM •Azure AD
When configuring the use of mixed authentication, the following should be validated:
•At least one of these properties is indicated.
•There are no repetitions in the established values.
•If any property assumes the value:
  - "IDM Federated", the adapter "IDMAuthorizationCode" is validated as published.
  - "LDAP", all LDAP related properties are validated (see LDAP - Attribute Synchronization).
  - "Google", all Google related properties are validated.
  - "Customized", all properties related to custom authentication are validated.
  - "Azure AD", the "Azure AD" adapter is validated as published.
Configuration can only be applied when all validations are correct.
Google Authentication - OAuth Credentials - Client Identification
To use Google's authentication services, Deyel must present credentials that identify it as an OAuth 2.0 client.
This property sets the Client ID, which is part of those credentials.
It can only be configured in On-Premise environments.
Name | GoogleClientID
Code | GOOGLE_CLIENT_ID
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Default Value |
Google Authentication - OAuth Credentials - Client Secret
To use Google's authentication services, Deyel must present credentials that identify it as an OAuth 2.0 client.
This property sets the Client Secret, which is part of those credentials.
It can only be configured in On-Premise environments.
Name | GoogleClientSecret
Code | GOOGLE_CLIENT_SECRET
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Default Value |
Name of the rule defined to run Custom Authentication.
Name | CustomAuthentication
Code | CUSTOM_AUTHENTICATION
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Default Value |
The existence of the rule is validated when a custom or mixed authentication type that uses it is configured.
If the rule exists, it is also validated to have the required input and output parameters.
Authorized domains to send user invitations
The email addresses to which invitations are sent must belong to one of the domains specified in this property. Several domains can be given, separated by semicolons, for example: 'mycompany.com ; optis.com'. If no value is specified, invitations can be sent to any email address.
Name | AuthorizedDomains
Code | AUTHORIZED_DOMAINS
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Value | They must be valid domain names. They can be separated by semicolons.
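The domain check described above can be sketched as follows. This is an added example, not Deyel's code: the function names are hypothetical, the sample addresses are constructed, and exact matching on the domain part (no subdomains) is an assumption, since the page does not say how the comparison is done.

```python
def parse_authorized_domains(raw):
    """Split an AUTHORIZED_DOMAINS value such as 'mycompany.com ; optis.com'."""
    domains = set()
    for item in (raw or "").split(";"):
        # Tolerate spaces around the semicolons, mixed case and a trailing dot.
        name = item.strip().lower().rstrip(".")
        if name:
            domains.add(name)
    return domains


def invitation_allowed(email, raw_domains):
    """Return True if an invitation may be sent to `email`."""
    allowed = parse_authorized_domains(raw_domains)
    if not allowed:
        return True  # no value configured: any address is accepted
    local, at, domain = email.strip().rpartition("@")
    if not at or not local or not domain:
        return False  # not a usable address
    # Assumption: exact match on the domain part. A substring or suffix test
    # would also accept 'notmycompany.com' or 'mycompany.com.example.net'.
    return domain.lower().rstrip(".") in allowed


# Constructed sample data
SAMPLE_VALUE = "mycompany.com ; optis.com"
SAMPLE_ADDRESSES = [
    "ana@mycompany.com",
    "ana@OPTIS.com",
    "ana@notmycompany.com",
    "ana@mycompany.com.example.net",
    "ana@sub.mycompany.com",
]

if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        print(addr, invitation_allowed(addr, SAMPLE_VALUE))
```

Leaving the property empty disables the restriction entirely, so an installation that wants invitations confined to its own domains has to set it explicitly.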
When a user uses 'Forgot your password' and logs in for the first time with the assigned password, Deyel may require a password change depending on the value of this property:
•Not Required - Deyel allows the user to continue using the assigned password.
•Optional - The password change screen is presented, prompting the user to update the password. The user can do so or choose to keep the assigned password.
•Required - The user is forced to change the password in order to continue.
Name | RequireChangePassword
Code | PASSWORD_CHANGE
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | •Not Required (Default) •Optional •Required
Maximum Duration of User Session
Maximum duration of a user session, expressed in minutes. If that time is exceeded, the session expires and the user has to log in again. With the value -1, sessions do not expire.
Name | MaximumSessionDuration
Code | MAX_SESSION_EXPIRATION_TIME
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | -1 (Default), indicates that sessions do not expire for a maximum time. It may contain numeric values that represent a number of minutes.
Maximum Number of Simultaneous Sessions per User
Limits the number of simultaneous sessions that a user can have active. With the value -1, the number of sessions is unlimited.
Name | NumberofSimultaneousSessions
Code | MAX_SESSIONS_BY_USER
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | -1 (Default), indicates that the number of simultaneous sessions is unlimited.
Maximum Number of Failed Logins
Sets the maximum allowable number of failed authentications due to incorrect passwords. When the user exceeds this number of consecutive failed attempts, their account becomes inactive. If the value -1 is set, there is no limitation on the number of failed logins.
This control only applies when using the native authentication mechanism, in which Deyel is responsible for verifying the user's password.
Name | MaximumAmountOfFailedAccesses
Code | INVALID_PASS_ATTEMPTS
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | -1 (Default), indicates that there is no limitation on the number of failed logins.
An account locked because of failed logins stays locked for a maximum period of time, indicated in minutes in this property. After that time, the user can log in again by entering the correct password.
If -1 is indicated, the account remains locked indefinitely until one of the planned unlocking mechanisms is executed:
- The security administrator activates the account again.
- The user receives an email with a link that allows them to activate their account again.
Name | MaximumUserLockoutTime
Code | MAX_USER_BLOQUED_TIME
Configuration Levels | •Installation •Application •Organizational Unit •User
Dynamic |
Encrypted |
Possible Values | -1 (Default), indicates that the account remains blocked.
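How INVALID_PASS_ATTEMPTS and MAX_USER_BLOQUED_TIME interact can be seen in a small model. This is an added example, not Deyel's implementation: the class and function names are hypothetical and the event list is constructed. It assumes the lock starts when the consecutive failure count exceeds the configured number (a literal reading of the text) and that the counter resets when the lock period ends.

```python
from dataclasses import dataclass
from typing import Optional

UNLIMITED = -1  # the "no limit" value of both properties


@dataclass
class Account:
    failed: int = 0                    # consecutive failed logins
    locked_at: Optional[float] = None  # minute at which the lock started


class LockoutPolicy:
    def __init__(self, invalid_pass_attempts=UNLIMITED, max_user_bloqued_time=UNLIMITED):
        self.max_failed = invalid_pass_attempts
        self.lock_minutes = max_user_bloqued_time

    def attempt(self, acct, password_ok, now):
        """Process one login at minute `now`; return 'ok', 'failed' or 'locked'."""
        if acct.locked_at is not None:
            if self.lock_minutes == UNLIMITED or now - acct.locked_at < self.lock_minutes:
                return "locked"          # even a correct password is refused
            self.unlock(acct)            # lock period elapsed (assumed to reset the counter)
        if password_ok:
            acct.failed = 0              # only consecutive failures count
            return "ok"
        acct.failed += 1
        if self.max_failed != UNLIMITED and acct.failed > self.max_failed:
            acct.locked_at = now
            return "locked"
        return "failed"

    @staticmethod
    def unlock(acct):
        """Administrator reactivation, e-mail link, or expiry of the lock period."""
        acct.failed, acct.locked_at = 0, None


def replay(policy, events):
    """events: (minute, password_ok) pairs for one account; returns the outcomes."""
    acct = Account()
    return [policy.attempt(acct, ok, minute) for minute, ok in events]


# Constructed sample: four wrong passwords, then the right one during and after the lock.
SAMPLE_EVENTS = [(0, False), (1, False), (2, False), (3, False), (5, True), (18, True)]

if __name__ == "__main__":
    print(replay(LockoutPolicy(3, 15), SAMPLE_EVENTS))   # locks, then recovers after 15 minutes
    print(replay(LockoutPolicy(), SAMPLE_EVENTS))        # defaults (-1, -1): never locks
```

With both properties at their default of -1 the failure counter never triggers a lock, so the control only takes effect once INVALID_PASS_ATTEMPTS is given a positive value.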