penelope case management software AUTHENTICATION GUIDE v4.4 and higher

Transcription

1 penelope case management software AUTHENTICATION GUIDE v4.4 and higher Last modified: August 9, 2016

2 TABLE OF CONTENTS Authentication: The basics... 4 About authentication... 4 SSO authentication... 4 Penelope authentication... 4 SSO authentication... 5 About SSO... 5 Process Flow: Enable SSO authentication... 6 Enable both SSO AND PENELOPE authentication for the first time... 6 Step 1: Configure the external address for Penelope... 6 Step 2: Register Penelope in your IDP... 6 Step 3: Configure SSO and Penelope Authentication... 7 Authentication type setup options... 7 Security Password setup options... 8 Single Sign On (SSO) Setup options... 9 Step 4: Test SSO authentication Step 5a: Modify worker accounts to use SSO authentication in batch mode Step 5b: Modify individual worker accounts to use SSO authentication Step 6: (Optional) Modify the authentication type to use SSO authentication only Step 7: (Optional) Configure additional Penelope authentication settings Manage SSO authentication Modify the application ID for Penelope Modify the application secret for Penelope Modify the security group for Penelope Modify the label for Penelope credentials Modify the login description for Penelope Modify the label for SSO credentials Modify the login description for SSO Disable SSO authentication Penelope authentication About Penelope AUTHENTICATION Password algorithm step logins User managed password reset process Maintenance features Configure Penelope authentication for the first time Authentication type setup options Security Password setup options step login about the 2-step login method Set up an authentication Configure the 2-step login feature for the first time Enable or disable the 2-step login feature Enable or disable trusted devices

3 Enable or disable security questions Change how often 2-step login is required Trusted devices About trusted devices Set how often users must confirm their trusted devices Require that admins review trusted devices Accept or reject an address or sms number Configure which worker category receives alerts for authentication events Force all users to access Penelope using a 2-step login method at next login Set up a trusted address or SMS phone number for the first time Update a trusted address and/or SMS phone number Verification codes About verification codes Set the daily maximum number of verification codes for users Set the daily maximum number of verification codes for your agency Security questions About security questions Best practices: Security questions Set the minimum number of security questions that users must configure Create a list of security question options Edit the text of a security question Activate a security question Delete a security question Set up security questions responses for the first time Update your security question responses User managed password reset About user managed password reset Enable The user managed password reset feature Disable The user managed password reset feature Reset your account password Manage passwords About passwords Set how often users must change their passwords Force all users to reset their password at next login Unlock a user account

4 authentication: the basics ABOUT AUTHENTICATION Authentication refers to how users are validated to access the Penelope database. Each worker has a unique username and confidential password that allows them to log in to the Penelope database. In version and higher of Penelope, there are two types of authentication that you can choose to implement in your database: Single Sign On (SSO) authentication using an Identify Provider (IDP) and built-in Penelope authentication. Additionally, you can also choose to employ a combination of SSO and Penelope authentication. Organizations that employ large numbers of volunteers, students, or other staff who don t have user accounts in the IDP may choose to employ both types of authentication. SSO AUTHENTICATION Single Sign On (SSO) is an authentication process that allows organizations to manage login credentials for multiple applications in a singular location using an Identity Provider (IDP). The SSO feature in Penelope allows you to use your agency s existing IDP to manage the username and password that workers use to log in to your Penelope database. The SSO feature in Penelope uses the OAuth 2.0 protocol, which allows Penelope to connect to an external server to authenticate a user. To implement SSO for your organization, your organization s IDP must use OAuth 2.0. SSO authentication in Penelope is limited to maintenance of usernames and passwords. Each user must have an account set up in both Penelope and the IDP. Security settings regarding access and privileges within the Penelope database must also be configured and maintained through Penelope s built-in security settings. PENELOPE AUTHENTICATION Penelope authentication refers to the use of Penelope s built-in username and password functionality and the built-in password algorithm. When a worker account is created, a unique username is assigned and you can set a temporary password that the worker can update. The algorithm for passwords has been designed to better counteract hacking attempts. Instead of requiring that you configure password requirements, passwords now must meet minimum security requirements based on mathematical difficulty to crack. You can enhance the security of the authentication process by using the 2-step logins, trusted devices, security questions, and/or user managed reset options. The 2-step login method enables you to set up additional identity checks (using trusted devices and/or security questions) that users must fulfill to access Penelope. A trusted device is an address or SMS phone number that you have assigned to your user account in Penelope. Security questions are a method of verifying the user s identity where only the user should know the answers to the questions. If trusted devices and security questions are enabled, you can make use of the new user managed password reset process allowing the user to reset their own password. 4

5 sso authentication ABOUT SSO Single Sign On (SSO) is an authentication process that allows organizations to manage login credentials for multiple applications in a singular location using an Identity Provider (IDP). The SSO feature in Penelope allows you to use your agency s existing IDP to manage the username and password that workers use to log in to your Penelope database. The SSO feature in Penelope uses the OAuth 2.0 protocol, which allows Penelope to connect to an external server to authenticate a user. To implement SSO for your organization, your organization s IDP must use OAuth 2.0. Common examples of IDPs that use OAuth 2.0 include the most recent version of Active Directory, Microsoft Office 365, and Google for Business. Note that LDAP and SAML are not compatible with OAuth 2.0 or Penelope s SSO feature. To configure SSO in Penelope, you must first set up a publicly accessible URL for Penelope that is accessible by your IDP. This URL must be static, and you should avoid using an alias. Next, you need to register Penelope as an application in your IDP while also entering the external URL for Penelope and determining which users should have access to Penelope. You can then set up the SSO feature in Penelope including the relevant configuration details from your IDP. When you have finished the configuration in Penelope, you must test SSO. Worker accounts in Penelope can then be updated to include their unique SSO credentials. The SSO feature in Penelope does not include automatic synchronization of accounts; this means each new worker s user account must be created in both Penelope and your IDP. Further, there is no synchronization of deactivated accounts, so accounts must be deactivated in both the IDP and Penelope. If a worker is active in SSO but not in Penelope, they will be unable to login to Penelope despite successfully entering SSO login credentials. Although the worker would not be able to log in to Penelope in this scenario, we recommend deactivating former staff members in Penelope as well to avoid having the names of inactive workers appear in future reporting and Service File assignment lists. Although you can configure Penelope to include the use of both SSO and built-in Penelope authentication, each worker account can use a single authentication method. If you have a group of workers that need access to Penelope but are not configured in your IDP, their accounts should use the default and built-in Penelope authentication process. The SSO authentication process manages the username and password that the worker uses to log in to the database. Note that password security is managed through your IDP and does not use Penelope s built-in password algorithms or other security enhancements like two-step logins or security questions. When you enable SSO authentication, you choose to override the security algorithms used by built-in Penelope authentication. Your organization needs to ensure that the IDP password requirements meet the appropriate standards for a clinical setting. Authorization configuration for a Penelope user must also still occur with Penelope s built-in security functionality. This configuration includes managing which aspects of the Penelope database a user has access to; for example, Service Files, the Intake Wizard, Groups, etc. 5

6 PROCESS FLOW: ENABLE SSO AUTHENTICATION 1. Configure the external address for Penelope 2. Register Penelope in your IDP 3. Configure SSO and Penelope Authentication 4. Test SSO authentication 5. Modify worker accounts to use SSO authentication 6. (Optional) Modify the authentication type to use SSO authentication only 7. (Optional) Configure additional Penelope authentication settings to use both SSO and Penelope authentication ENABLE BOTH SSO AND PENELOPE AUTHENTICATION FOR THE FIRST TIME Built-in Penelope authentication is enabled by default. Complete these steps to enable SSO authentication using your organization s Identity Provider. Note: We highly recommend enabling both SSO and Penelope authentication initially, even if you plan to only use SSO authentication in the long term. Enabling both authentication options allows you to successfully test and reconfigure SSO authentication settings as needed. If you enable SSO authentication only, you risk locking user accounts (including System Administrator accounts) if they haven t been properly configured in your IDP prior to completing the full SSO configuration in Penelope. As such, every worker and System Administrator account in Penelope that will use SSO authentication must be set up with a valid account in your IDP. STEP 1: CONFIGURE THE EXTERNAL ADDRESS FOR PENELOPE To configure SSO in Penelope, you must first set up a publicly accessible URL for Penelope that is accessible by your IDP. This URL must be static, and you should avoid using an alias. 1. In the System Setup section, click External Communications. 2. Click Edit. 3. In the Penelope s external address (including port), type the publicly accessible external address for your Penelope database. 4. Click Save. STEP 2: REGISTER PENELOPE IN YOUR IDP You must register Penelope in your Identify Provider (IDP). As each IDP is different and may include a variety of steps, we recommend you consult your IDP for relevant instructions and guidance to configure Penelope as an application. You will also need to record values for the following fields from your IDP for later use in Penelope: Authentication endpoint Token endpoint Application ID Application secret (Optionally) Security group or scope 6

7 STEP 3: CONFIGURE SSO AND PENELOPE AUTHENTICATION 4. From the Authentication type setup drop-down, choose Use both Penelope and SSO accounts. 5. In the Default authentication section, choose which account type you want as the default. 6. (Optional) In the Login Settings section, complete the following fields if you plan to use both SSO and Penelope authentication: a. From the Send alert messages to drop-down, choose which Worker Category should receive authentication messages. b. In the Passwords must be changed every field, type how often you want users to change their passwords. c. In the Lock user accounts after X days since last login field, type how many days a worker can go without logging in to Penelope before their user account is locked. d. In the Maximum verification codes per user per day field, type the maximum number of verification codes that can be sent to a single user per day. e. In the Maximum total verification codes per day field, type the maximum number of verification codes that can be sent agency-wide per day. f. In the Prompt user to confirm trusted devices every field, type how often workers should confirm their trusted devices. g. To require that a System Administrator or Super User review and approve a trusted address, click the Admin review of trusted s option. h. To require that a System Administrator or Super User review and approve trusted phone numbers, click the Admin review of trusted phone numbers option. 7. In the OAuth 2.0 (OpenID Connect) Configurations section, complete the following fields: a. From the SSO provider drop-down, choose your Identity Provider. b. If you are using a Custom Identity Provider, in the Authorization endpoint field, type the link to the authorization endpoint. c. If you are using a Custom Identity Provider, in the Token endpoint field, type the link to the token endpoint. d. In the Application ID field, type the application ID for Penelope defined by your IDP. e. In the Application secret field, type the application secret for Penelope defined by your IDP. f. If desired, in the Security group (scope) field, type the security group for Penelope defined by your IDP. g. In the Label for Penelope credentials field, type the desired label for Penelope authentication. h. In the Login description for Penelope field, type the desired description for Penelope authentication. i. In the Label for SSO credentials field, type the desired label for SSO authentication. j. In the Login description for SSO field, type the desired description for SSO authentication. 8. Click Save. AUTHENTICATION TYPE SETUP OPTIONS Setting Description 7

8 Choose authentication type Default authentication You can choose which type of authentication you d like to implement at your organization: Single Sign On (SSO) using your OAuth 2.0-compatible Identity Provider, built-in Penelope authentication, or both. If you have chosen to use both Penelope and SSO accounts as available authentication types, you can choose which authentication type is the default option. The default authentication type appears as the default sign in option. Note that this option appears only if you ve chosen to use both Penelope and SSO accounts from the Choose authentication type drop-down. SECURITY PASSWORD SETUP OPTIONS These configuration settings apply to organizations that have chosen to use Penelope authentication or both Penelope and SSO authentication. Setting Send alert message to Passwords must be changed every X day(s) Lock user accounts after X days since last login Maximum verification codes per user per day Maximum total verification codes per day Prompt user to confirm trusted devices every X months Admin review of trusted s Admin review of trusted phone numbers Description The option to select which Worker Category should receive authentication alerts. The frequency in days in which passwords must be changed for your organization. The ability to set a maximum number of days that a worker can go without logging in prior to their user account being locked. Enter 0 if you would not like to use this feature. The maximum number of verification codes that can be sent to a single user per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The maximum number of verification codes that can be sent to all users organization-wide per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The frequency in months in which each user must confirm the trusted devices they have set up for their user account. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted address. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted phone number. 8

9 SINGLE SIGN ON (SSO) SETUP OPTIONS These configuration settings apply to organizations that have chosen to use SSO authentication only or both Penelope and SSO authentication types. Note that the terminology in the SSO setup in Penelope corresponds with standard OAuth 2.0 terminology. Your Identify Provider (IDP) may use different terminology for these settings. Setting SSO provider Authentication endpoint Token endpoint Application ID Application secret Security group (scope) Label for Penelope credentials Login description for Penelope Label for SSO credentials Description The option to select which IDP your organization uses. You can choose between Google, Microsoft Office 365, or a Custom Identity Provider. The URL to the endpoint on the authorization server of your IDP that processes the access request from the user. The authorization endpoint enables Penelope to obtain required access to your IDP by requesting authorization on the user s behalf. If you select either Google or Microsoft Office 365 as your IDP, this field prepopulates for you and you should not need to change it. If you select Custom Identity Provider as your IDP, you must paste the applicable authentication endpoint. This information can be found through your IDP. The URL to the token endpoint on the authorization server of your IDP that exchanges the authorization code, application ID, and application secret for an access token. If you select either Google Identity or Microsoft Office 365 as your IDP, this field prepopulates for you and you should not need to change it. If you select Custom Identity Provider as your IDP, you must paste the applicable token endpoint. This information can be found through your IDP. The unique identifier for Penelope given by your IDP. The unique passcode or secret for the Penelope application given by your IDP. An optional setting to define a specific group of users who have accounts in your IDP that should have access to Penelope. This setting ensures that the IDP knows to only authenticate people with scope set to the defined Penelope security group. The option to set a custom label that will display for users logging into Penelope using the built-in Penelope authentication, as well as all other locations throughout Penelope where authentication is referenced (for example, on the Worker Profile). The label defaults to Penelope. The option to set a custom description for built-in Penelope authentication that appears on the login page only. The description can be used to help workers understand which credential they should use. The option to set a custom label that displays for users logging into Penelope using SSO authentication as well as all other locations throughout Penelope 9

10 where authentication is referenced (for example, on the Worker Profile). The label defaults to Single Sign On (SSO). Login description for SSO The option to set a custom description for SSO authentication that appears on the login page only. The description can be used to help workers understand which credential they should use. STEP 4: TEST SSO AUTHENTICATION 3. In the Single Sign On (SSO) Connection Test section, click Test. After you click Test, you will be directed to your IDP. You will need to enter login credentials for a valid IDP account. Note that these login credentials can be for any user account in the IDP. You do not necessarily need to use administrator access as this process simply tests the connection. Penelope will display a result message telling you if the connection was successful or not. If you are successful, you can close the page and proceed with the next steps. If the connection is not successful, you will need to revisit the configuration items in Step 3 based on the contents of the error message and continue testing the connection until it is successful. STEP 5A: MODIFY WORKER ACCOUNTS TO USE SSO AUTHENTICATION IN BATCH MODE To update multiple worker accounts to use SSO authentication, you can upload an SSO identifier file with the required information for SSO authentication; namely, the worker s unique identifier (uid) from your Identify Provider (IDP). To assist with creating the SSO identifier file, you can download a template from Penelope that specifies which fields are required. The SSO identifier file template includes columns to capture the following information: kbookitemid, userid, firstname, lastname, and uid. The kbookitemid and userid columns are unique identifiers for workers in Penelope. You can download a copy of the Penelope-based user authentication information to assist in gathering the kbookitemid and userid values. When uploading the completed SSO identifier file to Penelope, Penelope uses these unique identifiers to ensure the correct worker profile is updated with the uid from your Identity Provider. We do not recommend relying only on the firstname and lastname columns as your organization may have more than one worker with the same first and last name. If you upload an SSO identifier file with duplicate first and last names, Penelope will ignore the duplicate instances. Note that if you include any worker information in the upload file for workers who do not already have a Penelope account, Penelope will not automatically create a worker account through the upload. 3. To download the SSO identifier template, in the Synchronize UID section, next to Sample SSO identifier file (csv), click Download. 4. To download all users authentication information, on the Maintenance tab, next to Download all users authentication info, click Download. 10

11 5. Copy the kbookitemid, userid, firstname, and lastname values from the users authentication file into the applicable columns in the Sample SSO identifier file. 6. In your Identity Provider, locate the unique identifier (UID) and copy the value into the Sample SSO identifier file for each worker. 7. Save the file. 8. In Penelope, browse to User Setup > Security > Authentication > Synchronize UID. 9. Next to Upload SSO identifier file (csv), click Choose File. Locate the Sample SSO identifier file and upload. After you finish: To verify that each worker account has been updated with SSO authentication information, you can search for a Worker Profile and verify the Login Credentials. STEP 5B: MODIFY INDIVIDUAL WORKER ACCOUNTS TO USE SSO AUTHENTICATION Prerequisite: You must be logged in to Penelope using a System Administrator account or a Super User account with access to modify a Worker Profile. 1. Click Search. 2. On the Worker tab, in the Worker Name field, type the name of the worker whose authentication settings you want to update. 3. On the Worker Profile, in the Login Credentials section, click Change. 4. In the Login using section, select Single Sign On (SSO). 5. In the New SSO Identifier field, paste the unique ID (sometimes called UID, SID, Object ID, etc.) for the worker as provided by your IDP. 6. Click Save. 7. Repeat steps 1 through 6 for all remaining workers. STEP 6: (OPTIONAL) MODIFY THE AUTHENTICATION TYPE TO USE SSO AUTHENTICATION ONLY Complete this step if you plan to use only SSO authentication and have completed all other configuration steps (steps 1 through 5). You should also ensure that your System Administrator accounts have been configured properly to use SSO. 4. From the Authentication type setup drop-down, choose Use SSO account only. STEP 7: (OPTIONAL) CONFIGURE ADDITIONAL PENELOPE AUTHENTICATION SETTINGS Complete this step if you plan to use both SSO and Penelope authentication types. For more details, see the Penelope authentication section. 11

12 MANAGE SSO AUTHENTICATION MODIFY THE APPLICATION ID FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Application ID field, type the application ID for Penelope defined by your IDP. 6. Click Save. MODIFY THE APPLICATION SECRET FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Application secret field, type the application secret for Penelope defined by your IDP. 6. Click Save. MODIFY THE SECURITY GROUP FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Security group (scope) field, type the security group for Penelope defined by your IDP. 6. Click Save. MODIFY THE LABEL FOR PENELOPE CREDENTIALS 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Label for Penelope credentials field, type the desired label for Penelope authentication. 12

13 6. Click Save. MODIFY THE LOGIN DESCRIPTION FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Login description for Penelope field, type the desired description for Penelope authentication. 6. Click Save. MODIFY THE LABEL FOR SSO CREDENTIALS 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Label for SSO credentials field, type the desired label for SSO authentication. 6. Click Save. MODIFY THE LOGIN DESCRIPTION FOR SSO 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Login description for SSO field, type the desired description for SSO authentication. 6. Click Save. DISABLE SSO AUTHENTICATION If you disable SSO authentication in Penelope, all worker accounts will automatically revert back to using their original Penelope usernames and passwords. Any workers who are logged into Penelope at the time that SSO authentication is disabled will automatically be logged out. We recommend implementing the User managed password reset feature to allow staff to reset their own Penelope passwords after SSO authentication is disabled. 13

14 4. From the Authentication type setup drop-down, choose Use Penelope account only. 5. Modify other Penelope authentication settings as needed. 6. Click Save. 14

15 penelope authentication ABOUT PENELOPE AUTHENTICATION Penelope authentication refers to the use of Penelope s built-in username and password functionality and the built-in password algorithm. You can enhance the security of the authentication process by using the 2-step logins, trusted devices, security questions, and/or user managed reset options. PASSWORD ALGORITHM In version 4.1 and above, the algorithm for passwords reflects increased security measures. Instead of requiring that you configure password requirements, passwords now must meet minimum security requirements based on mathematical difficulty to crack. As a best practice, we recommend that passwords include a mixture of lower and uppercase letters, numbers, and symbols. Further, you should combine the characters in such a way to create a lengthy password. 2-STEP LOGINS The 2-step login method enables you to set up additional identity checks (using trusted devices and/or security questions) that users must fulfill to access Penelope. You can require that, after a specified number of logins, users must respond to a security question or type in a verification code that has been sent to a trusted device. Further, each time a user logs in to Penelope through a new browser or after they have cleared their cache/cookies, they are required to provide their 2-step login credentials. A trusted device is an address or SMS phone number that you have assigned to your user account in Penelope. 2-step logins make use of your trusted devices by sending a verification code to the device. To make use of trusted devices, you must have your External Communication settings enabled. Security questions are a method of verifying the user s identity where only the user should know the answers to the questions. A System Administrator can set up a list of security questions that users can configure answers for. USER MANAGED PASSWORD RESET PROCESS If trusted devices and security questions are enabled, you can make use of the new user managed password reset process. The user managed password reset feature allows a user to reset their own password. To reset their password, the user must enter the verification code that has been sent using their External Communication settings and input the correct response to their security question. MAINTENANCE FEATURES Security maintenance features include the ability to require that an administrator review trusted devices, an updated mechanism for unlocking user accounts, and the ability to force a 2-step login or password reset for all users. 15

16 CONFIGURE PENELOPE AUTHENTICATION FOR THE FIRST TIME Penelope authentication is enabled by default. Complete these steps to customize the Penelope authentication options. 4. From the Authentication type setup drop-down, choose Use Penelope account only. 5. In the Login Settings section, complete the following fields: a. From the Send alert messages to drop-down, choose which Worker Category should receive authentication messages. b. In the Passwords must be changed every field, type how often you want users to change their passwords. c. In the Lock user accounts after X days since last login field, type how long a worker can go without logging in prior to their user account being locked. d. In the Maximum verification codes per user per day field, type the maximum number of verification codes that can be sent to a single user per day. e. In the Maximum total verification codes per day field, type the maximum number of verification codes that can be sent agency wide per day. f. In the Prompt user to confirm trusted devices every field, type how often workers should confirm their trusted devices. g. To require that a System Administrator or Super User review and approve a trusted address, click the Admin review of trusted s option. h. To require that a System Administrator or Super User review and approve a trusted phone numbers, click the Admin review of trusted phone numbers option. 6. Click Save. AUTHENTICATION TYPE SETUP OPTIONS Setting Choose authentication type Default authentication Description You can choose which type of authentication you d like to implement at your organization: Single Sign On (SSO) using your OAuth 2.0-compatible Identity Provider, built-in Penelope authentication, or both. If you have chosen to use both Penelope and SSO accounts as available authentication types, you can choose which authentication type is the default option. The default authentication type appears as the default sign in option. Note that this option appears only if you ve chosen to use both Penelope and SSO accounts from the Choose authentication type drop-down. SECURITY PASSWORD SETUP OPTIONS These configuration settings apply to organizations that have chosen to use Penelope authentication or both Penelope and SSO authentication. 16

17 Setting Send alert message to Passwords must be changed every X day(s) Lock user accounts after X days since last login Maximum verification codes per user per day Maximum total verification codes per day Prompt user to confirm trusted devices every X months Admin review of trusted s Admin review of trusted phone numbers Description The option to select which Worker Category should receive authentication alerts. The frequency in days in which passwords must be changed for your organization. The ability to set a maximum number of days that a worker can go without logging in prior to their user account being locked. Enter 0 if you would not like to use this feature. The maximum number of verification codes that can be sent to a single user per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The maximum number of verification codes that can be sent to all users organization-wide per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The frequency in months in which each user must confirm the trusted devices they have set up for their user account. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted address. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted phone number. 2-STEP LOGIN ABOUT THE 2-STEP LOGIN METHOD The 2-step login method enables you to set up additional identity checks using trusted devices and/or security questions. You can require that, after a specified number of logins, users must respond to a security question or type in a verification code that has been sent to a trusted device. Further, each time a user logs in to Penelope through a new a new browser or after they have cleared their cache/cookies, they are required to provide their 2- step login credentials. A trusted device is an address or SMS phone number that you have assigned to your user account in Penelope. 2-step logins make use of your trusted devices by sending a verification code, or pin, to the device. To make use of trusted devices, you must have your External Communication settings enabled. 17

18 Security questions are a method of verifying the user s identity where only the user should know the answer to the question. A System Administrator can set up a list of security questions that users can configure answers for. SET UP AN AUTHENTICATION You can configure which accounts Authentication messages are sent from (i.e. the sender when a verification code message is sent to a user via their trusted device). To enable the 2-step login feature using trusted devices, you must configure your External Communication settings (i.e. and/or SMS). If you have already configured your External Communication settings for use with or SMS notifications for clients and staff members, you can use the same settings, or you can set up a secondary account for Authentication messages specifically. You may want to consider using a second address for authentication if you want to enable other workers (i.e. those not responsible for managing external communications) to view and respond to authentication s. 1. In the System Setup section, click External Communications. 2. In the Authentication section, click edit. 3. Complete on of the following options: a. To use the same settings as your general settings, click the Use standard settings option. b. To configure a different for Authentication, complete the following fields using the information as provided by your provider: i. Host ii. Send from iii. User name iv. Change password v. Port number vi. Encryption 4. Click Save. CONFIGURE THE 2-STEP LOGIN FEATURE FOR THE FIRST TIME To enable trusted devices, you must configure your external communication settings. For more information about configuring your external communication settings, see Set up external communication accounts. 3. In the 2-step log in section, click Enable. 4. Click Edit. 5. Complete one or more of the following options: a. To enable trusted devices as a 2-step login method, in the Enable trusted devices section, choose one of the following options: i. Via ii. Via SMS iii. Via or SMS b. To choose not enable trusted devices as a 2-step login method, in the Enable trusted devices section, click No. 18

19 c. To enable the use of Security Questions as a 2-step login method, click the Enable security questions option. 6. To specify how often users must access Penelope via a 2-step login method, in the Require 2-step login every field, type the number of logins that staff members can complete prior to requiring a secure login. 7. Click Save. ENABLE OR DISABLE THE 2-STEP LOGIN FEATURE 3. In the 2-step login section, complete one of the following actions: a. To enable the 2-step login feature, click Enable. b. To disable to 2-step login feature, click Disable. ENABLE OR DISABLE TRUSTED DEVICES 3. In the 2-step log in section, click Edit. 4. Complete one of the following actions: a. To enable trusted devices as a 2-step login method, in the Enable trusted devices section, choose one of the following options: i. Via ii. Via SMS iii. Via or SMS b. To disable trusted devices as a 2-step login method, in the Enable trusted devices section, click No. ENABLE OR DISABLE SECURITY QUESTIONS 3. In the 2-step log in section, click Edit. 4. Complete one of the following options: a. To enable the use of Security Questions as a 2-step login method, click the Enable security questions option. b. To disable the use of Security Questions as a 2-step login method, clear the Enable security questions option. 19

20 CHANGE HOW OFTEN 2-STEP LOGIN IS REQUIRED 3. In the 2-step log in section, click Edit. 4. To specify how often users must access Penelope via a 2-step login method, in the Require 2-step login every field, type the number of logins that staff members can complete prior to requiring a secure login. TRUSTED DEVICES ABOUT TRUSTED DEVICES A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. 2-step logins make use of your trusted devices by sending a verification code to the device. Depending on your configuration, at the time of log in, you could be required to enter the verification code as shown on your trusted device(s). SET HOW OFTEN USERS MUST CONFIRM THEIR TRUSTED DEVICES To confirm a trusted device, users must review the current values for their address or SMS phone number and confirm that they are correct. 4. In the Login settings section, in the Prompt user to confirm trusted devices every field, type how often (in months) that users must confirm their trusted devices. REQUIRE THAT ADMINS REVIEW TRUSTED DEVICES 4. To require that admins review trusted devices, in the Login settings section, complete one or both of the following options: a. Click the Admin must review 2-step addresses option. b. Click the Admin must review 2-step phone numbers option. 20

21 ACCEPT OR REJECT AN ADDRESS OR SMS NUMBER If you have configured the option to require an Admin to review trusted addresses and/or SMS phone numbers, you must review the addresses and SMS numbers listed in the Review or SMS section. 2. Click the Maintenance tab. 1. In the Review and SMS section, choose one of the following options: a. To accept or reject all messages, click Select All. b. To accept or reject specific messages, select the adjacent checkbox. 3. Click Accept or Reject as appropriate. CONFIGURE WHICH WORKER CATEGORY RECEIVES ALERTS FOR AUTHENTICATION EVENTS 4. In the Send Alert Messages To drop-down list, select which Worker Category you would like to receive authentication alerts. FORCE ALL USERS TO ACCESS PENELOPE USING A 2-STEP LOGIN METHOD AT NEXT LOGIN 2. Click the Maintenance tab. 3. In the All Penelope Users section, click Force Secure Login for All Users. SET UP A TRUSTED ADDRESS OR SMS PHONE NUMBER FOR THE FIRST TIME Prerequisite: Your System Administrator must enable 2-step logins using trust devices. The next time you log in to Penelope, you will be prompted to type the trusted address and/or SMS phone number. Before you begin: Browse to your Penelope database. When prompted, type your User name and Password. 1. If applicable, in the field, type a trusted address. 2. If applicable, in the SMS field, type a trusted SMS phone number. 3. On your keyboard, press Enter. UPDATE A TRUSTED ADDRESS AND/OR SMS PHONE NUMBER Prerequisite: You must be logged into your Penelope worker account. 1. In the My Profile sidebar, click View My Profile. 2. In the Personal Message Settings section, click Edit. 21

22 3. In the field, type a trusted address. 4. In the SMS field, type a trusted SMS phone number. VERIFICATION CODES ABOUT VERIFICATION CODES A verification code is a short code that is sent to a user via a trusted address or SMS phone number. The verification code must be entered into the login screen to access Penelope. You can configure the number of verification codes that can be sent to individual users and across the agency. Depending on the size of your agency, you may need to set a higher number of verification codes that can be sent across the system on a given day. If the maximum number of verification codes has been reached, the worker category that you set to receive authentication messages is notified. SET THE DAILY MAXIMUM NUMBER OF VERIFICATION CODES FOR USERS Use this setting to determine the maximum number of verification codes that an individual worker can receive per day. 4. In the Login settings section, in the Maximum verification codes per user per day field, type the maximum number of verification codes that a user can receive in a day. SET THE DAILY MAXIMUM NUMBER OF VERIFICATION CODES FOR YOUR AGENCY Use this setting to determine the maximum number of verification codes that can be sent across the agency per day. 4. In the Login settings, in the Maximum total verification codes per day field, type the maximum number of verification codes that can be sent for the whole agency. 22

23 SECURITY QUESTIONS ABOUT SECURITY QUESTIONS Security questions are a method of verifying the user s identity where only the user should know the answers to the questions. A System Administrator can set up a list of security questions that users can configure answers for. BEST PRACTICES: SECURITY QUESTIONS 1. Avoid using standard security questions available on Social Networking sites. 2. Avoid creating security questions that colleagues would know the answers to. 3. Create three times more questions for users to choose from than the number of answers you will require that they create. For example, if you require that users create three responses, you should create a minimum of 9 questions. 4. Consult your territorial, regional, or industry best practices to create specific security questions. SET THE MINIMUM NUMBER OF SECURITY QUESTIONS THAT USERS MUST CONFIGURE Security questions are used for user managed password reset and, optionally, for 2-step login authentication. You can set the minimum number of security questions that users must create answers for. Users will only be asked to provide an answer to one of the questions that they have configured. 3. In the Security questions section, next to Minimum number of security questions users must create answers for, click (edit). 4. In the Minimum number of questions users must create answers for field, type the minimum number of questions that you want staff members to create answers for. CREATE A LIST OF SECURITY QUESTION OPTIONS 3. In the Security questions section, click Add. 4. In the Question text field, type the desired security question. To add additional security questions, repeat steps

24 EDIT THE TEXT OF A SECURITY QUESTION You can only edit the text of an inactive security question. You cannot edit the text of an active security question because it may be in use by users and their answers may become inaccurate. 3. In the Security questions section, click the security question whose text you want to edit. 4. In the Question text field, edit the text as required. ACTIVATE A SECURITY QUESTION To allow users to make use of the security question that you ve created, you must activate the question. Caution: Once a security question is activated, the question cannot be edited, and it becomes available immediately for users to create answers for. 3. In the Security questions section, click the security question that you want to activate. 4. Click the Active option. DELETE A SECURITY QUESTION Caution: Deleting an active question will also delete any security question answer set up by a user. 3. In the Security questions section, click (-) icon next to the Security Question that you want to delete. 4. Click okay. SET UP SECURITY QUESTIONS RESPONSES FOR THE FIRST TIME Prerequisite: Your System Administrator must enable 2-step logins using security questions. The next time you log in to Penelope, you will be prompted to provide answers to the number of questions that your System Administrator has required. Before you begin: Browse to your Penelope database. When prompted, type your User name and Password. 1. Complete one of the following options: a. To respond to the first available question, in the answer field, type a response. b. To choose a different question to answer, click the arrow buttons next to the question. In the answer field, type a response. 2. Click Add. 24

25 3. Repeat steps 1 and 2 until you have created responses for at least the minimum number of questions required by your System Administrator. 4. Click Send. UPDATE YOUR SECURITY QUESTION RESPONSES Prerequisite: You must be logged into your Penelope worker account. 1. In the My Profile sidebar, click View My Profile. 2. In the Security Questions section, press the (-) icon to delete the security question you no longer want to use. 3. In the Security Questions section, click Add. 4. In the Question drop-down list, select a question to configure. 5. In the Answer field, type an answer. 6. Click Save. Depending on how many security questions that your System Administrator has required you to set up, repeat steps 2-5. USER MANAGED PASSWORD RESET ABOUT USER MANAGED PASSWORD RESET If trusted devices and security questions are enabled, you can make use of the new user managed password reset process. The user managed password reset feature allows a user to reset their own password. To reset their password, the user must enter the verification code that has been sent using their External Communication settings and input the correct response to their security question. ENABLE THE USER MANAGED PASSWORD RESET FEATURE The user managed password reset feature allows a user to reset their password using their trusted devices and security questions. You must also have 2- step logins enabled with at least one trusted device as well as security questions configured. 3. In the User managed password reset section, click enable. DISABLE THE USER MANAGED PASSWORD RESET FEATURE The user managed password reset feature allows a user to reset their password using their trusted devices and security questions. 25

26 3. In the User managed password reset section, click disable. RESET YOUR ACCOUNT PASSWORD Prerequisite: Your System Administrator must enable the User managed password reset feature. You can reset feature your own password using your trusted devices and the sent verification code. Before you begin: Browse to your Penelope database. 1. Click Reset account password. 2. In the User name field, type your user name. 3. On your keyboard, press Enter. A verification code will be sent to your trusted device(s). 4. In the Verification code field, type the verification code that was sent to your trusted device. 5. On your keyboard, press Enter. 6. In the New password field, type a new password. 7. In the Confirm password field, type the new password again. 8. On your keyboard, press Enter. MANAGE PASSWORDS ABOUT PASSWORDS The algorithm for passwords is designed to better counteract hacking attempts. Instead of requiring that you configure password requirements, passwords now must meet minimum security requirements based on mathematical difficulty to crack. Passwords should include a mixture of lower and uppercase letters, numbers, and symbols; you should combine the characters in such a way to create a lengthy password. SET HOW OFTEN USERS MUST CHANGE THEIR PASSWORDS You can configure how often users must change their passwords in Penelope. Users will be prompted to create a new password to access Penelope after the specified period of time and each time a System Administrator resets their password. New passwords cannot be the same as the last 10 passwords. 4. In the Login settings section, in the Passwords must be changed every field, type how often (in days) that users must change their passwords. FORCE ALL USERS TO RESET THEIR PASSWORD AT NEXT LOGIN 26

27 2. Click the Maintenance tab. 3. In the All Penelope Users section, click Force Password Reset for All Users. UNLOCK A USER ACCOUNT A user account is locked when one of the following actions occur: The user has 5 consecutive failed login attempts The System Administrator or Super User sets or resets a user s password and the user does not log in to the database within 3 days 2. Click the Maintenance tab. 3. In the Locked Accounts section, choose one of the following options: a. To unlock all locked accounts, click Select All. b. To unlock a specific account, select the adjacent checkbox. 4. Click Unlock. 27