i

Please enable JavaScript to view this site.

Documentation 8.6

Work session characteristics.

Configurable Properties

 

Authentication type

 

Defines the authentication method used by Deyel.

 

Name

AuthenticationType

Code

TP_AUTHENTICATION_LOGIN

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

Native (Predetermined)

LDAP

Google

Personalized

Federated IDM

Mixed

Azure AD

 

 

Maximum inactivity time

 

Maximum inactivity time, expressed in minutes, to keep the user session active in the browser.

If that time is exceeded, the session expires and the user has to access the portal again.

The value -1 must be indicated so that the session does not expire.

 

Name

MaximumIdleTime

Code

MAX_SESSION_INACTIVITY_TIME

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that sessions do not expire due to inactivity.

 

It may contain numeric values that represent a number of minutes.

 

 

Allow multiple user sessions with the same browser

 

When this property is enabled, it is possible to maintain multiple work sessions, with different users, within the same browser.

 

Name

AllowMultipleSessions

Code

ALLOW_MULTISESSION

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

Yes

No (Predetermined)

 

 

Mixed authentication method

 

These properties are used to configure the mixed authentication mechanism.

They establish which authentication methods are enabled and the order in which they should be used.

 

There are 3 properties that work in a similar way:

 

First mixed authentication method

Second mixed authentication method

Third mixed authentication method

 

Name

AuthenticationMixta1

AuthenticationMixta2

AuthenticationMixta3

Code

AUTHENTICATION_MIXTA_1

AUTHENTICATION_MIXTA_2

AUTHENTICATION_MIXTA_3

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

Native

LDAP

Google

Personalized

Federated IDM

Azure AD

 

 

When configuring the use of mixed authentication, the following should be validated:

 

 At least one of these properties is indicated.

 

 There are no repetitions in the established values.

 

 If any property assumes the value:

 

"IDM Federated", the adapter "IDMAuthorizationCode" is validated as published.

 

"LDAP", all LDAP related properties are validated.

 

LDAP - Server Connection

LDAP - User Search

LDAP - Attribute Synchronization

 

"Google", all Google related properties are validated.

 

"Customized", all properties related to custom authentication are validated.

 

"Azure AD", the "Azure AD" adapter is validated as published.

 
Configuration can only be applied when all validations are correct.
 

 

Google authentication - OAuth credentials - Client identification

 

To use Google's authentication services, Deyel must present credentials that identify it as an OAuth 2.0 client.

This property sets the Client ID, which is part of those credentials.

 

It can only be configured in On-Premise environments

 

 

Name

GoogleClientID

Code

GOOGLE_CLIENT_ID

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-incluye-docu

Default Value

 

 

 

Google authentication - OAuth credentials - Client Secret

 

To use Google's authentication services, Deyel must present credentials that identify it as an OAuth 2.0 client.

This property sets the Client Secret, which is part of those credentials.

 

It can only be configured in On-Premise environments

 

 

Name

GoogleClientSecret

Code

GOOGLE_CLIENT_SECRET

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-incluye-docu

Default Value

 

 

 

Custom authentication

 

Name of the rule defined to run Custom authentication.

 

Name

CustomAuthentication

Code

CUSTOM_AUTHENTICATION

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Default Value

 

 

 

The existence of the rule is validated by configuring the type of custom or mixed authentication that contains it.

If the rule exists, it is validated to have the required input and output parameters.

 

 

Authorized domains to send user invitations

 

The email addresses to which invitations are sent must belong to one of the domains reported in this property. Several domains can be indicated, separated by semicolons. For example: 'mycompany.com ; optis.com'. If no value is reported, then invitations can be sent to any email address.

 

Name

AuthorizedDomains

Code

AUTHORIZED_DOMAINS

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Value

They must be valid domain names. They can be separated by semicolons.

 

 

Require password change

 

When a user uses 'Forgot your password' and logs in for the first time with the assigned password, Deyel may require a password change depending on the value of this property:

 

- Not Required - Deyel allows the user to continue using the assigned password.

- Optional - The password change screen is presented prompting the user to update it. You can do so or indicate that you keep the assigned password.

- Required - The user is forced to change the password in order to continue.

 

Name

RequireChangePassword

Code

PASSWORD_CHANGE

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-incluye-docu

Possible Values

Not Required (Default)

Optional

Required

 

 

Maximum duration of user session

 

Maximum duration of user session, expressed in minutes. If that time is exceeded, the session expires and the user has to log in again. By indicating the value -1 the sessions do not expire.

 

Name

MaximumSessionDuration

Code

MAX_SESSION_EXPIRATION_TIME

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that sessions do not expire for a maximum time.

 

It may contain numeric values that represent a number of minutes.

 

 

Maximum number of simultaneous sessions per user

 

Allows to limit the number of simultaneous sessions that a user can have active. Indicating the value -1 the number of sessions is unlimited.

 

Name

NumberofSimultaneousSessions

Code

MAX_SESSIONS_BY_USER

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that the number of simultaneous sessions is unlimited.

 

 

Maximum number of failed logins

 

Sets the maximum allowable number of failed authentications due to incorrect passwords. When the user exceeds this number of consecutive failed attempts, their account becomes inactive. If the value -1 is set, there is no limitation on the number of failed logins.

This control only applies when using the native authentication mechanism, in which Deyel is responsible for verifying the user's password.

 

Name

MaximumAmountOfFailedAccesses

Code

INVALID_PASS_ATTEMPTS

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that there is no limitation on the number of failed logins.

 

 

Maximum user locked time

 

The account locking by number of failed logins is set for a maximum period of time, indicated in minutes, in this property. After that time, the user will be able to access again, if they enter correctly with their password.

 

If -1 is indicated then the account remains locked indefinitely until one of the planned unlocking mechanisms is executed:

 

- The security administrator activates the account again.

- The user receives an email with a link that allows them to activate their account again.

 

Name

MaximumUserLockoutTime

Code

MAX_USER_BLOQUED_TIME

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that the account remains blocked.

 

 

Password history

 

When the user registers their password, Deyel verifies that it is different from the previous N.

The number N, defined in this property, can assume values between 0 and 100.

If 0 is indicated, then Deyel does not compare the new password with the previous ones. Repetitions are allowed.

 

Name

PasswordHistory

Code

PASSWORD_HISTORY

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

- 0 (Default), indicates that password repetition is not enforced.

 

- N between 1 and 100.

 

This mechanism is applied when access passwords are managed by Deyel, using native authentication.

 

When the user enters a new key password, Deyel verifies the following:

 

- If N=0, the new password is not compared with the previous ones.

- If N=1, the new password cannot be the same as the current one.

- If N>1, the new password cannot be the same as the current one, and neither can it be the same as the previous N-1 passwords.

 

For example, if N=3, the new password must be different from the current one and the 2 previous ones recorded in history.

 

When the password is invalid, the user receives a message “You have used that password previously. You must report a different one.”

 

To implement this control, Deyel keeps a history of all passwords used by the user. Values are kept in chronological order and encrypted in the database and are not accessible by the user.

 

 

Two step authentication

 

When using native or custom authentication, it is possible to enable two-step authentication.

This property sets the desired behavior.

 

Name

TwoFactorAuthentication

Code

2FA

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

Optional (Default)

Required

Not Enabled

 

 

Password expiration time

 

Indicates the number of consecutive days that must pass for a password to expire.

If the value -1 is specified, then passwords do not expire.

 

Name

PasswordExpirationTime

Code

PASSWORD_EXPIRATION_TIME

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that passwords do not expire.

 

It may contain numeric values that represent a number of days.

 

This control is applied when using the native authentication, where passwords are managed by Deyel.

 

Each time the user sets a new password, the time at which this operation is performed is recorded and the expiration time can be calculated.

 

For example, if the value 1 is reported,  passwords that were set on that day expire the day after.

 

 

Password expiration notification

 

Indicates the number of days in advance that users must be notified of the expiration of their password.

 

- If the value -1 is indicated, then no notification is issued.

- If a value other than -1 is specified, then it is checked to be less than the property Password expiration time.

 

The scheduled task must be active Notify Password Expiration.

 

Name

PasswordExpirationNotification

Code

PASSWORD_EXPIRATION_ALERT_TIME

Configuration Levels

 

Installation

item-incluye-docu

Application

item-noincluye-docu

Organizational Unit

item-noincluye-docu

User

item-noincluye-docu

Dynamic

item-incluye-docu

Encrypted

item-noincluye-docu

Possible Values

-1 (Default), indicates that no notification is issued.

 

It may contain numeric values that represent a number of days.

Send us your comments
Share on X Share on Linkedin Send by Email Print