# Authentication management

By default, *SecureAccess® CLOUD* comes with and **Internal User Directory** where the initial administrator account is registered.

Additionally, *SecureAccess® CLOUD* can be integrated with external authentication providers based on ***LDAP*** protocol.  

### Install an LDAP authentication provider <a href="#install-an-ldap-authentication-provider" id="install-an-ldap-authentication-provider"></a>

In section ***Users >> Authentication Providers*** you can register a new *LDAP* provider.&#x20;

To do this press the button:

<div align="left"><img src="https://3407554211-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lc6SmWC2XaTk3mzBSlS%2F-Lc76ZAGg83M7B1vvwnS%2F-Lc7AUm1PFRYVWY3Nobh%2Fimage.png?alt=media&#x26;token=d2314f82-4f34-47b3-b8ee-103cdb9b5770" alt=""></div>

And a new form will be shown to fill all the necessary parameters to establish the connection with the *LDAP* server. 

![Image 1: Add LDAP form](https://3407554211-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lc6SmWC2XaTk3mzBSlS%2F-Lc76ZAGg83M7B1vvwnS%2F-Lc7AgMYSidLuySoVC6H%2Fimage.png?alt=media\&token=ce2f191e-6ca1-4439-9056-fc7dda11f4a1)

Once all the required parameters are filled and saved this provider will be shown in the providers list. Every hour all the providers will synchronize, and all users and groups will be imported into the platform. This synchronization mechanism will add new users and groups and removed the ones already deleted in your authentication provider. &#x20;

### Users and Groups management <a href="#users-and-groups-management" id="users-and-groups-management"></a>

In section *Users*  you can find two subsections, ***Manage Users*** and ***Manage Groups***.&#x20;

![Image 2: Users management page](https://3407554211-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lc6SmWC2XaTk3mzBSlS%2F-Lc76ZAGg83M7B1vvwnS%2F-Lc7B5rLo-1mrbpWPSF4%2Fimage.png?alt=media\&token=8d8fdda8-a65e-4b77-afb2-77f7cabec2f9)

In this view you can perform the following actions for each user. 

### Manage user two factor authentication <a href="#manage-user-two-factor-authentication" id="manage-user-two-factor-authentication"></a>

By default, users won't have any second factor of authentication configured in their accounts. In the third column you can select which type of second factor will be used to verify user's identity. Once selected, in the user's next login he or she would need to pair a mobile device with the *SecureAccess® CLOUD* account by scanning the *QR* code shown in the screen. This pairing can be reset by clicking on the icon next to selected method or by disabling it and enabling it again.

![Image 3: Two factor options](https://3407554211-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lc6SmWC2XaTk3mzBSlS%2F-Lc76ZAGg83M7B1vvwnS%2F-Lc7BLsgZibMdXq3udWl%2Fimage.png?alt=media\&token=e289f3db-1493-47f2-8791-bc8f8e1bf79b)

### How to set the Two Factor Authentication up <a href="#how-to-set-the-two-factor-authentication-up" id="how-to-set-the-two-factor-authentication-up"></a>

Setting two factor authentication for a  *SecureAccess® CLOUD* account is easy. Simply follow these steps and you will be done in minutes: &#x20;

1. Access your admin dashboard.&#x20;
2. Go to Users management section ( ***Users >> Users and Groups*** ).
3. Find the user you want to enable the *2FA*.&#x20;
4. Change the *2FA* method to the desired one ( ***TOTP or Push*** ).&#x20;
5. That´s it. In the next user login the *QR* code will be shown.

### Two Factor Authentication troubleshooting <a href="#two-factor-authentication-troubleshooting" id="two-factor-authentication-troubleshooting"></a>

During the setup and use of *SecureAccess® 2FA* authentication you might find or face some problems. If the solution to your problem is not listed below, please contact us at **<support@secureaccess.com>**&#x20;

* **An user has lost/change mobile phone and lost the information stored in the app.** \
  Disable the *2FA* for the user and enable it again. On the next login the new *QR code* will be shown.<br>
* **After enabling the 2FA for a user, the QR code is not shown on the screen.** \
  Please, disable the *2FA* method for the user and enabled it again.<br>
* **TOTP codes from the mobile app are not valid.** \
  \&#xNAN;*TOTP* codes are generated using the time set in your mobile phone, there is a window of error, but the mobile phone and the server must be in sync. Check that your mobile phone date and time is updated and synchronized with a standard Internet Time Server.<br>
* **User´s mobile phone is not receiving Push notifications.** \
  Ensure the mobile phone has internet connection, otherwise notifications will not be received. If the problem persists, please disable and re-enable the *2FA* method on your admin dsshboard.

### Admin privileges management <a href="#admin-privileges-management" id="admin-privileges-management"></a>

In the fourth column you can enable admin privileges for any user by simply clicking on the checkbox. These users will be able to access the admin dashboard and manage all aspects of your *SecureAccess® CLOUD* instance. &#x20;

### Enable or disable users or groups <a href="#enable-or-disable-users-or-groups" id="enable-or-disable-users-or-groups"></a>

The "enabled" allows you to change the status of the users and groups. When a user is disabled it will no longer be allowed to access any of the protected web applications.  Disabled groups will not have any effects in the permission scheme.