Learn how to manage users, install LDAP providers as well as set up two-factor authentication for users with SecureAccess® CLOUD authentication management.
By default, SecureAccess® CLOUD comes with and Internal User Directory where the initial administrator account is registered.
Additionally, SecureAccess® CLOUD can be integrated with external authentication providers based on LDAP protocol.
In section Users >> Authentication Providers you can register a new LDAP provider.
To do this press the button:
And a new form will be shown to fill all the necessary parameters to establish the connection with the LDAP server.
Image 1: Add LDAP form
Once all the required parameters are filled and saved this provider will be shown in the providers list. Every hour all the providers will synchronize, and all users and groups will be imported into the platform. This synchronization mechanism will add new users and groups and removed the ones already deleted in your authentication provider.
In section Users you can find two subsections, Manage Users and Manage Groups.
Image 2: Users management page
In this view you can perform the following actions for each user.
By default, users won't have any second factor of authentication configured in their accounts. In the third column you can select which type of second factor will be used to verify user's identity. Once selected, in the user's next login he or she would need to pair a mobile device with the SecureAccess® CLOUD account by scanning the QR code shown in the screen. This pairing can be reset by clicking on the icon next to selected method or by disabling it and enabling it again.
Image 3: Two factor options
Setting two factor authentication for a SecureAccess® CLOUD account is easy. Simply follow these steps and you will be done in minutes:
- 1.Access your admin dashboard.
- 2.Go to Users management section ( Users >> Users and Groups ).
- 3.Find the user you want to enable the 2FA.
- 4.Change the 2FA method to the desired one ( TOTP or Push ).
- 5.That´s it. In the next user login the QR code will be shown.
- An user has lost/change mobile phone and lost the information stored in the app. Disable the 2FA for the user and enable it again. On the next login the new QR code will be shown.
- After enabling the 2FA for a user, the QR code is not shown on the screen. Please, disable the 2FA method for the user and enabled it again.
- TOTP codes from the mobile app are not valid. TOTP codes are generated using the time set in your mobile phone, there is a window of error, but the mobile phone and the server must be in sync. Check that your mobile phone date and time is updated and synchronized with a standard Internet Time Server.
- User´s mobile phone is not receiving Push notifications. Ensure the mobile phone has internet connection, otherwise notifications will not be received. If the problem persists, please disable and re-enable the 2FA method on your admin dsshboard.
In the fourth column you can enable admin privileges for any user by simply clicking on the checkbox. These users will be able to access the admin dashboard and manage all aspects of your SecureAccess® CLOUD instance.
The "enabled" allows you to change the status of the users and groups. When a user is disabled it will no longer be allowed to access any of the protected web applications. Disabled groups will not have any effects in the permission scheme.