penelope case management software AUTHENTICATION GUIDE v4.4 and higher
|
|
- Benjamin Gibson
- 6 years ago
- Views:
Transcription
1 penelope case management software AUTHENTICATION GUIDE v4.4 and higher Last modified: August 9, 2016
2 TABLE OF CONTENTS Authentication: The basics... 4 About authentication... 4 SSO authentication... 4 Penelope authentication... 4 SSO authentication... 5 About SSO... 5 Process Flow: Enable SSO authentication... 6 Enable both SSO AND PENELOPE authentication for the first time... 6 Step 1: Configure the external address for Penelope... 6 Step 2: Register Penelope in your IDP... 6 Step 3: Configure SSO and Penelope Authentication... 7 Authentication type setup options... 7 Security Password setup options... 8 Single Sign On (SSO) Setup options... 9 Step 4: Test SSO authentication Step 5a: Modify worker accounts to use SSO authentication in batch mode Step 5b: Modify individual worker accounts to use SSO authentication Step 6: (Optional) Modify the authentication type to use SSO authentication only Step 7: (Optional) Configure additional Penelope authentication settings Manage SSO authentication Modify the application ID for Penelope Modify the application secret for Penelope Modify the security group for Penelope Modify the label for Penelope credentials Modify the login description for Penelope Modify the label for SSO credentials Modify the login description for SSO Disable SSO authentication Penelope authentication About Penelope AUTHENTICATION Password algorithm step logins User managed password reset process Maintenance features Configure Penelope authentication for the first time Authentication type setup options Security Password setup options step login about the 2-step login method Set up an authentication Configure the 2-step login feature for the first time Enable or disable the 2-step login feature Enable or disable trusted devices
3 Enable or disable security questions Change how often 2-step login is required Trusted devices About trusted devices Set how often users must confirm their trusted devices Require that admins review trusted devices Accept or reject an address or sms number Configure which worker category receives alerts for authentication events Force all users to access Penelope using a 2-step login method at next login Set up a trusted address or SMS phone number for the first time Update a trusted address and/or SMS phone number Verification codes About verification codes Set the daily maximum number of verification codes for users Set the daily maximum number of verification codes for your agency Security questions About security questions Best practices: Security questions Set the minimum number of security questions that users must configure Create a list of security question options Edit the text of a security question Activate a security question Delete a security question Set up security questions responses for the first time Update your security question responses User managed password reset About user managed password reset Enable The user managed password reset feature Disable The user managed password reset feature Reset your account password Manage passwords About passwords Set how often users must change their passwords Force all users to reset their password at next login Unlock a user account
4 authentication: the basics ABOUT AUTHENTICATION Authentication refers to how users are validated to access the Penelope database. Each worker has a unique username and confidential password that allows them to log in to the Penelope database. In version and higher of Penelope, there are two types of authentication that you can choose to implement in your database: Single Sign On (SSO) authentication using an Identify Provider (IDP) and built-in Penelope authentication. Additionally, you can also choose to employ a combination of SSO and Penelope authentication. Organizations that employ large numbers of volunteers, students, or other staff who don t have user accounts in the IDP may choose to employ both types of authentication. SSO AUTHENTICATION Single Sign On (SSO) is an authentication process that allows organizations to manage login credentials for multiple applications in a singular location using an Identity Provider (IDP). The SSO feature in Penelope allows you to use your agency s existing IDP to manage the username and password that workers use to log in to your Penelope database. The SSO feature in Penelope uses the OAuth 2.0 protocol, which allows Penelope to connect to an external server to authenticate a user. To implement SSO for your organization, your organization s IDP must use OAuth 2.0. SSO authentication in Penelope is limited to maintenance of usernames and passwords. Each user must have an account set up in both Penelope and the IDP. Security settings regarding access and privileges within the Penelope database must also be configured and maintained through Penelope s built-in security settings. PENELOPE AUTHENTICATION Penelope authentication refers to the use of Penelope s built-in username and password functionality and the built-in password algorithm. When a worker account is created, a unique username is assigned and you can set a temporary password that the worker can update. The algorithm for passwords has been designed to better counteract hacking attempts. Instead of requiring that you configure password requirements, passwords now must meet minimum security requirements based on mathematical difficulty to crack. You can enhance the security of the authentication process by using the 2-step logins, trusted devices, security questions, and/or user managed reset options. The 2-step login method enables you to set up additional identity checks (using trusted devices and/or security questions) that users must fulfill to access Penelope. A trusted device is an address or SMS phone number that you have assigned to your user account in Penelope. Security questions are a method of verifying the user s identity where only the user should know the answers to the questions. If trusted devices and security questions are enabled, you can make use of the new user managed password reset process allowing the user to reset their own password. 4
5 sso authentication ABOUT SSO Single Sign On (SSO) is an authentication process that allows organizations to manage login credentials for multiple applications in a singular location using an Identity Provider (IDP). The SSO feature in Penelope allows you to use your agency s existing IDP to manage the username and password that workers use to log in to your Penelope database. The SSO feature in Penelope uses the OAuth 2.0 protocol, which allows Penelope to connect to an external server to authenticate a user. To implement SSO for your organization, your organization s IDP must use OAuth 2.0. Common examples of IDPs that use OAuth 2.0 include the most recent version of Active Directory, Microsoft Office 365, and Google for Business. Note that LDAP and SAML are not compatible with OAuth 2.0 or Penelope s SSO feature. To configure SSO in Penelope, you must first set up a publicly accessible URL for Penelope that is accessible by your IDP. This URL must be static, and you should avoid using an alias. Next, you need to register Penelope as an application in your IDP while also entering the external URL for Penelope and determining which users should have access to Penelope. You can then set up the SSO feature in Penelope including the relevant configuration details from your IDP. When you have finished the configuration in Penelope, you must test SSO. Worker accounts in Penelope can then be updated to include their unique SSO credentials. The SSO feature in Penelope does not include automatic synchronization of accounts; this means each new worker s user account must be created in both Penelope and your IDP. Further, there is no synchronization of deactivated accounts, so accounts must be deactivated in both the IDP and Penelope. If a worker is active in SSO but not in Penelope, they will be unable to login to Penelope despite successfully entering SSO login credentials. Although the worker would not be able to log in to Penelope in this scenario, we recommend deactivating former staff members in Penelope as well to avoid having the names of inactive workers appear in future reporting and Service File assignment lists. Although you can configure Penelope to include the use of both SSO and built-in Penelope authentication, each worker account can use a single authentication method. If you have a group of workers that need access to Penelope but are not configured in your IDP, their accounts should use the default and built-in Penelope authentication process. The SSO authentication process manages the username and password that the worker uses to log in to the database. Note that password security is managed through your IDP and does not use Penelope s built-in password algorithms or other security enhancements like two-step logins or security questions. When you enable SSO authentication, you choose to override the security algorithms used by built-in Penelope authentication. Your organization needs to ensure that the IDP password requirements meet the appropriate standards for a clinical setting. Authorization configuration for a Penelope user must also still occur with Penelope s built-in security functionality. This configuration includes managing which aspects of the Penelope database a user has access to; for example, Service Files, the Intake Wizard, Groups, etc. 5
6 PROCESS FLOW: ENABLE SSO AUTHENTICATION 1. Configure the external address for Penelope 2. Register Penelope in your IDP 3. Configure SSO and Penelope Authentication 4. Test SSO authentication 5. Modify worker accounts to use SSO authentication 6. (Optional) Modify the authentication type to use SSO authentication only 7. (Optional) Configure additional Penelope authentication settings to use both SSO and Penelope authentication ENABLE BOTH SSO AND PENELOPE AUTHENTICATION FOR THE FIRST TIME Built-in Penelope authentication is enabled by default. Complete these steps to enable SSO authentication using your organization s Identity Provider. Note: We highly recommend enabling both SSO and Penelope authentication initially, even if you plan to only use SSO authentication in the long term. Enabling both authentication options allows you to successfully test and reconfigure SSO authentication settings as needed. If you enable SSO authentication only, you risk locking user accounts (including System Administrator accounts) if they haven t been properly configured in your IDP prior to completing the full SSO configuration in Penelope. As such, every worker and System Administrator account in Penelope that will use SSO authentication must be set up with a valid account in your IDP. STEP 1: CONFIGURE THE EXTERNAL ADDRESS FOR PENELOPE To configure SSO in Penelope, you must first set up a publicly accessible URL for Penelope that is accessible by your IDP. This URL must be static, and you should avoid using an alias. 1. In the System Setup section, click External Communications. 2. Click Edit. 3. In the Penelope s external address (including port), type the publicly accessible external address for your Penelope database. 4. Click Save. STEP 2: REGISTER PENELOPE IN YOUR IDP You must register Penelope in your Identify Provider (IDP). As each IDP is different and may include a variety of steps, we recommend you consult your IDP for relevant instructions and guidance to configure Penelope as an application. You will also need to record values for the following fields from your IDP for later use in Penelope: Authentication endpoint Token endpoint Application ID Application secret (Optionally) Security group or scope 6
7 STEP 3: CONFIGURE SSO AND PENELOPE AUTHENTICATION 4. From the Authentication type setup drop-down, choose Use both Penelope and SSO accounts. 5. In the Default authentication section, choose which account type you want as the default. 6. (Optional) In the Login Settings section, complete the following fields if you plan to use both SSO and Penelope authentication: a. From the Send alert messages to drop-down, choose which Worker Category should receive authentication messages. b. In the Passwords must be changed every field, type how often you want users to change their passwords. c. In the Lock user accounts after X days since last login field, type how many days a worker can go without logging in to Penelope before their user account is locked. d. In the Maximum verification codes per user per day field, type the maximum number of verification codes that can be sent to a single user per day. e. In the Maximum total verification codes per day field, type the maximum number of verification codes that can be sent agency-wide per day. f. In the Prompt user to confirm trusted devices every field, type how often workers should confirm their trusted devices. g. To require that a System Administrator or Super User review and approve a trusted address, click the Admin review of trusted s option. h. To require that a System Administrator or Super User review and approve trusted phone numbers, click the Admin review of trusted phone numbers option. 7. In the OAuth 2.0 (OpenID Connect) Configurations section, complete the following fields: a. From the SSO provider drop-down, choose your Identity Provider. b. If you are using a Custom Identity Provider, in the Authorization endpoint field, type the link to the authorization endpoint. c. If you are using a Custom Identity Provider, in the Token endpoint field, type the link to the token endpoint. d. In the Application ID field, type the application ID for Penelope defined by your IDP. e. In the Application secret field, type the application secret for Penelope defined by your IDP. f. If desired, in the Security group (scope) field, type the security group for Penelope defined by your IDP. g. In the Label for Penelope credentials field, type the desired label for Penelope authentication. h. In the Login description for Penelope field, type the desired description for Penelope authentication. i. In the Label for SSO credentials field, type the desired label for SSO authentication. j. In the Login description for SSO field, type the desired description for SSO authentication. 8. Click Save. AUTHENTICATION TYPE SETUP OPTIONS Setting Description 7
8 Choose authentication type Default authentication You can choose which type of authentication you d like to implement at your organization: Single Sign On (SSO) using your OAuth 2.0-compatible Identity Provider, built-in Penelope authentication, or both. If you have chosen to use both Penelope and SSO accounts as available authentication types, you can choose which authentication type is the default option. The default authentication type appears as the default sign in option. Note that this option appears only if you ve chosen to use both Penelope and SSO accounts from the Choose authentication type drop-down. SECURITY PASSWORD SETUP OPTIONS These configuration settings apply to organizations that have chosen to use Penelope authentication or both Penelope and SSO authentication. Setting Send alert message to Passwords must be changed every X day(s) Lock user accounts after X days since last login Maximum verification codes per user per day Maximum total verification codes per day Prompt user to confirm trusted devices every X months Admin review of trusted s Admin review of trusted phone numbers Description The option to select which Worker Category should receive authentication alerts. The frequency in days in which passwords must be changed for your organization. The ability to set a maximum number of days that a worker can go without logging in prior to their user account being locked. Enter 0 if you would not like to use this feature. The maximum number of verification codes that can be sent to a single user per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The maximum number of verification codes that can be sent to all users organization-wide per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The frequency in months in which each user must confirm the trusted devices they have set up for their user account. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted address. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted phone number. 8
9 SINGLE SIGN ON (SSO) SETUP OPTIONS These configuration settings apply to organizations that have chosen to use SSO authentication only or both Penelope and SSO authentication types. Note that the terminology in the SSO setup in Penelope corresponds with standard OAuth 2.0 terminology. Your Identify Provider (IDP) may use different terminology for these settings. Setting SSO provider Authentication endpoint Token endpoint Application ID Application secret Security group (scope) Label for Penelope credentials Login description for Penelope Label for SSO credentials Description The option to select which IDP your organization uses. You can choose between Google, Microsoft Office 365, or a Custom Identity Provider. The URL to the endpoint on the authorization server of your IDP that processes the access request from the user. The authorization endpoint enables Penelope to obtain required access to your IDP by requesting authorization on the user s behalf. If you select either Google or Microsoft Office 365 as your IDP, this field prepopulates for you and you should not need to change it. If you select Custom Identity Provider as your IDP, you must paste the applicable authentication endpoint. This information can be found through your IDP. The URL to the token endpoint on the authorization server of your IDP that exchanges the authorization code, application ID, and application secret for an access token. If you select either Google Identity or Microsoft Office 365 as your IDP, this field prepopulates for you and you should not need to change it. If you select Custom Identity Provider as your IDP, you must paste the applicable token endpoint. This information can be found through your IDP. The unique identifier for Penelope given by your IDP. The unique passcode or secret for the Penelope application given by your IDP. An optional setting to define a specific group of users who have accounts in your IDP that should have access to Penelope. This setting ensures that the IDP knows to only authenticate people with scope set to the defined Penelope security group. The option to set a custom label that will display for users logging into Penelope using the built-in Penelope authentication, as well as all other locations throughout Penelope where authentication is referenced (for example, on the Worker Profile). The label defaults to Penelope. The option to set a custom description for built-in Penelope authentication that appears on the login page only. The description can be used to help workers understand which credential they should use. The option to set a custom label that displays for users logging into Penelope using SSO authentication as well as all other locations throughout Penelope 9
10 where authentication is referenced (for example, on the Worker Profile). The label defaults to Single Sign On (SSO). Login description for SSO The option to set a custom description for SSO authentication that appears on the login page only. The description can be used to help workers understand which credential they should use. STEP 4: TEST SSO AUTHENTICATION 3. In the Single Sign On (SSO) Connection Test section, click Test. After you click Test, you will be directed to your IDP. You will need to enter login credentials for a valid IDP account. Note that these login credentials can be for any user account in the IDP. You do not necessarily need to use administrator access as this process simply tests the connection. Penelope will display a result message telling you if the connection was successful or not. If you are successful, you can close the page and proceed with the next steps. If the connection is not successful, you will need to revisit the configuration items in Step 3 based on the contents of the error message and continue testing the connection until it is successful. STEP 5A: MODIFY WORKER ACCOUNTS TO USE SSO AUTHENTICATION IN BATCH MODE To update multiple worker accounts to use SSO authentication, you can upload an SSO identifier file with the required information for SSO authentication; namely, the worker s unique identifier (uid) from your Identify Provider (IDP). To assist with creating the SSO identifier file, you can download a template from Penelope that specifies which fields are required. The SSO identifier file template includes columns to capture the following information: kbookitemid, userid, firstname, lastname, and uid. The kbookitemid and userid columns are unique identifiers for workers in Penelope. You can download a copy of the Penelope-based user authentication information to assist in gathering the kbookitemid and userid values. When uploading the completed SSO identifier file to Penelope, Penelope uses these unique identifiers to ensure the correct worker profile is updated with the uid from your Identity Provider. We do not recommend relying only on the firstname and lastname columns as your organization may have more than one worker with the same first and last name. If you upload an SSO identifier file with duplicate first and last names, Penelope will ignore the duplicate instances. Note that if you include any worker information in the upload file for workers who do not already have a Penelope account, Penelope will not automatically create a worker account through the upload. 3. To download the SSO identifier template, in the Synchronize UID section, next to Sample SSO identifier file (csv), click Download. 4. To download all users authentication information, on the Maintenance tab, next to Download all users authentication info, click Download. 10
11 5. Copy the kbookitemid, userid, firstname, and lastname values from the users authentication file into the applicable columns in the Sample SSO identifier file. 6. In your Identity Provider, locate the unique identifier (UID) and copy the value into the Sample SSO identifier file for each worker. 7. Save the file. 8. In Penelope, browse to User Setup > Security > Authentication > Synchronize UID. 9. Next to Upload SSO identifier file (csv), click Choose File. Locate the Sample SSO identifier file and upload. After you finish: To verify that each worker account has been updated with SSO authentication information, you can search for a Worker Profile and verify the Login Credentials. STEP 5B: MODIFY INDIVIDUAL WORKER ACCOUNTS TO USE SSO AUTHENTICATION Prerequisite: You must be logged in to Penelope using a System Administrator account or a Super User account with access to modify a Worker Profile. 1. Click Search. 2. On the Worker tab, in the Worker Name field, type the name of the worker whose authentication settings you want to update. 3. On the Worker Profile, in the Login Credentials section, click Change. 4. In the Login using section, select Single Sign On (SSO). 5. In the New SSO Identifier field, paste the unique ID (sometimes called UID, SID, Object ID, etc.) for the worker as provided by your IDP. 6. Click Save. 7. Repeat steps 1 through 6 for all remaining workers. STEP 6: (OPTIONAL) MODIFY THE AUTHENTICATION TYPE TO USE SSO AUTHENTICATION ONLY Complete this step if you plan to use only SSO authentication and have completed all other configuration steps (steps 1 through 5). You should also ensure that your System Administrator accounts have been configured properly to use SSO. 4. From the Authentication type setup drop-down, choose Use SSO account only. STEP 7: (OPTIONAL) CONFIGURE ADDITIONAL PENELOPE AUTHENTICATION SETTINGS Complete this step if you plan to use both SSO and Penelope authentication types. For more details, see the Penelope authentication section. 11
12 MANAGE SSO AUTHENTICATION MODIFY THE APPLICATION ID FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Application ID field, type the application ID for Penelope defined by your IDP. 6. Click Save. MODIFY THE APPLICATION SECRET FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Application secret field, type the application secret for Penelope defined by your IDP. 6. Click Save. MODIFY THE SECURITY GROUP FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Security group (scope) field, type the security group for Penelope defined by your IDP. 6. Click Save. MODIFY THE LABEL FOR PENELOPE CREDENTIALS 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Label for Penelope credentials field, type the desired label for Penelope authentication. 12
13 6. Click Save. MODIFY THE LOGIN DESCRIPTION FOR PENELOPE 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Login description for Penelope field, type the desired description for Penelope authentication. 6. Click Save. MODIFY THE LABEL FOR SSO CREDENTIALS 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Label for SSO credentials field, type the desired label for SSO authentication. 6. Click Save. MODIFY THE LOGIN DESCRIPTION FOR SSO 4. From the Authentication type setup drop-down, choose Use SSO account only. 5. In the OAuth 2.0 (OpenID Connect) Configurations section, in the Login description for SSO field, type the desired description for SSO authentication. 6. Click Save. DISABLE SSO AUTHENTICATION If you disable SSO authentication in Penelope, all worker accounts will automatically revert back to using their original Penelope usernames and passwords. Any workers who are logged into Penelope at the time that SSO authentication is disabled will automatically be logged out. We recommend implementing the User managed password reset feature to allow staff to reset their own Penelope passwords after SSO authentication is disabled. 13
14 4. From the Authentication type setup drop-down, choose Use Penelope account only. 5. Modify other Penelope authentication settings as needed. 6. Click Save. 14
15 penelope authentication ABOUT PENELOPE AUTHENTICATION Penelope authentication refers to the use of Penelope s built-in username and password functionality and the built-in password algorithm. You can enhance the security of the authentication process by using the 2-step logins, trusted devices, security questions, and/or user managed reset options. PASSWORD ALGORITHM In version 4.1 and above, the algorithm for passwords reflects increased security measures. Instead of requiring that you configure password requirements, passwords now must meet minimum security requirements based on mathematical difficulty to crack. As a best practice, we recommend that passwords include a mixture of lower and uppercase letters, numbers, and symbols. Further, you should combine the characters in such a way to create a lengthy password. 2-STEP LOGINS The 2-step login method enables you to set up additional identity checks (using trusted devices and/or security questions) that users must fulfill to access Penelope. You can require that, after a specified number of logins, users must respond to a security question or type in a verification code that has been sent to a trusted device. Further, each time a user logs in to Penelope through a new browser or after they have cleared their cache/cookies, they are required to provide their 2-step login credentials. A trusted device is an address or SMS phone number that you have assigned to your user account in Penelope. 2-step logins make use of your trusted devices by sending a verification code to the device. To make use of trusted devices, you must have your External Communication settings enabled. Security questions are a method of verifying the user s identity where only the user should know the answers to the questions. A System Administrator can set up a list of security questions that users can configure answers for. USER MANAGED PASSWORD RESET PROCESS If trusted devices and security questions are enabled, you can make use of the new user managed password reset process. The user managed password reset feature allows a user to reset their own password. To reset their password, the user must enter the verification code that has been sent using their External Communication settings and input the correct response to their security question. MAINTENANCE FEATURES Security maintenance features include the ability to require that an administrator review trusted devices, an updated mechanism for unlocking user accounts, and the ability to force a 2-step login or password reset for all users. 15
16 CONFIGURE PENELOPE AUTHENTICATION FOR THE FIRST TIME Penelope authentication is enabled by default. Complete these steps to customize the Penelope authentication options. 4. From the Authentication type setup drop-down, choose Use Penelope account only. 5. In the Login Settings section, complete the following fields: a. From the Send alert messages to drop-down, choose which Worker Category should receive authentication messages. b. In the Passwords must be changed every field, type how often you want users to change their passwords. c. In the Lock user accounts after X days since last login field, type how long a worker can go without logging in prior to their user account being locked. d. In the Maximum verification codes per user per day field, type the maximum number of verification codes that can be sent to a single user per day. e. In the Maximum total verification codes per day field, type the maximum number of verification codes that can be sent agency wide per day. f. In the Prompt user to confirm trusted devices every field, type how often workers should confirm their trusted devices. g. To require that a System Administrator or Super User review and approve a trusted address, click the Admin review of trusted s option. h. To require that a System Administrator or Super User review and approve a trusted phone numbers, click the Admin review of trusted phone numbers option. 6. Click Save. AUTHENTICATION TYPE SETUP OPTIONS Setting Choose authentication type Default authentication Description You can choose which type of authentication you d like to implement at your organization: Single Sign On (SSO) using your OAuth 2.0-compatible Identity Provider, built-in Penelope authentication, or both. If you have chosen to use both Penelope and SSO accounts as available authentication types, you can choose which authentication type is the default option. The default authentication type appears as the default sign in option. Note that this option appears only if you ve chosen to use both Penelope and SSO accounts from the Choose authentication type drop-down. SECURITY PASSWORD SETUP OPTIONS These configuration settings apply to organizations that have chosen to use Penelope authentication or both Penelope and SSO authentication. 16
17 Setting Send alert message to Passwords must be changed every X day(s) Lock user accounts after X days since last login Maximum verification codes per user per day Maximum total verification codes per day Prompt user to confirm trusted devices every X months Admin review of trusted s Admin review of trusted phone numbers Description The option to select which Worker Category should receive authentication alerts. The frequency in days in which passwords must be changed for your organization. The ability to set a maximum number of days that a worker can go without logging in prior to their user account being locked. Enter 0 if you would not like to use this feature. The maximum number of verification codes that can be sent to a single user per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The maximum number of verification codes that can be sent to all users organization-wide per day. Verification codes are sent to a trusted device when two-step login is enabled. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The frequency in months in which each user must confirm the trusted devices they have set up for their user account. A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted address. The option to require that a worker with System Administration or Super User privileges must review and approve a trusted phone number. 2-STEP LOGIN ABOUT THE 2-STEP LOGIN METHOD The 2-step login method enables you to set up additional identity checks using trusted devices and/or security questions. You can require that, after a specified number of logins, users must respond to a security question or type in a verification code that has been sent to a trusted device. Further, each time a user logs in to Penelope through a new a new browser or after they have cleared their cache/cookies, they are required to provide their 2- step login credentials. A trusted device is an address or SMS phone number that you have assigned to your user account in Penelope. 2-step logins make use of your trusted devices by sending a verification code, or pin, to the device. To make use of trusted devices, you must have your External Communication settings enabled. 17
18 Security questions are a method of verifying the user s identity where only the user should know the answer to the question. A System Administrator can set up a list of security questions that users can configure answers for. SET UP AN AUTHENTICATION You can configure which accounts Authentication messages are sent from (i.e. the sender when a verification code message is sent to a user via their trusted device). To enable the 2-step login feature using trusted devices, you must configure your External Communication settings (i.e. and/or SMS). If you have already configured your External Communication settings for use with or SMS notifications for clients and staff members, you can use the same settings, or you can set up a secondary account for Authentication messages specifically. You may want to consider using a second address for authentication if you want to enable other workers (i.e. those not responsible for managing external communications) to view and respond to authentication s. 1. In the System Setup section, click External Communications. 2. In the Authentication section, click edit. 3. Complete on of the following options: a. To use the same settings as your general settings, click the Use standard settings option. b. To configure a different for Authentication, complete the following fields using the information as provided by your provider: i. Host ii. Send from iii. User name iv. Change password v. Port number vi. Encryption 4. Click Save. CONFIGURE THE 2-STEP LOGIN FEATURE FOR THE FIRST TIME To enable trusted devices, you must configure your external communication settings. For more information about configuring your external communication settings, see Set up external communication accounts. 3. In the 2-step log in section, click Enable. 4. Click Edit. 5. Complete one or more of the following options: a. To enable trusted devices as a 2-step login method, in the Enable trusted devices section, choose one of the following options: i. Via ii. Via SMS iii. Via or SMS b. To choose not enable trusted devices as a 2-step login method, in the Enable trusted devices section, click No. 18
19 c. To enable the use of Security Questions as a 2-step login method, click the Enable security questions option. 6. To specify how often users must access Penelope via a 2-step login method, in the Require 2-step login every field, type the number of logins that staff members can complete prior to requiring a secure login. 7. Click Save. ENABLE OR DISABLE THE 2-STEP LOGIN FEATURE 3. In the 2-step login section, complete one of the following actions: a. To enable the 2-step login feature, click Enable. b. To disable to 2-step login feature, click Disable. ENABLE OR DISABLE TRUSTED DEVICES 3. In the 2-step log in section, click Edit. 4. Complete one of the following actions: a. To enable trusted devices as a 2-step login method, in the Enable trusted devices section, choose one of the following options: i. Via ii. Via SMS iii. Via or SMS b. To disable trusted devices as a 2-step login method, in the Enable trusted devices section, click No. ENABLE OR DISABLE SECURITY QUESTIONS 3. In the 2-step log in section, click Edit. 4. Complete one of the following options: a. To enable the use of Security Questions as a 2-step login method, click the Enable security questions option. b. To disable the use of Security Questions as a 2-step login method, clear the Enable security questions option. 19
20 CHANGE HOW OFTEN 2-STEP LOGIN IS REQUIRED 3. In the 2-step log in section, click Edit. 4. To specify how often users must access Penelope via a 2-step login method, in the Require 2-step login every field, type the number of logins that staff members can complete prior to requiring a secure login. TRUSTED DEVICES ABOUT TRUSTED DEVICES A trusted device is an address or SMS phone number that you have connected to your user account in Penelope. 2-step logins make use of your trusted devices by sending a verification code to the device. Depending on your configuration, at the time of log in, you could be required to enter the verification code as shown on your trusted device(s). SET HOW OFTEN USERS MUST CONFIRM THEIR TRUSTED DEVICES To confirm a trusted device, users must review the current values for their address or SMS phone number and confirm that they are correct. 4. In the Login settings section, in the Prompt user to confirm trusted devices every field, type how often (in months) that users must confirm their trusted devices. REQUIRE THAT ADMINS REVIEW TRUSTED DEVICES 4. To require that admins review trusted devices, in the Login settings section, complete one or both of the following options: a. Click the Admin must review 2-step addresses option. b. Click the Admin must review 2-step phone numbers option. 20
21 ACCEPT OR REJECT AN ADDRESS OR SMS NUMBER If you have configured the option to require an Admin to review trusted addresses and/or SMS phone numbers, you must review the addresses and SMS numbers listed in the Review or SMS section. 2. Click the Maintenance tab. 1. In the Review and SMS section, choose one of the following options: a. To accept or reject all messages, click Select All. b. To accept or reject specific messages, select the adjacent checkbox. 3. Click Accept or Reject as appropriate. CONFIGURE WHICH WORKER CATEGORY RECEIVES ALERTS FOR AUTHENTICATION EVENTS 4. In the Send Alert Messages To drop-down list, select which Worker Category you would like to receive authentication alerts. FORCE ALL USERS TO ACCESS PENELOPE USING A 2-STEP LOGIN METHOD AT NEXT LOGIN 2. Click the Maintenance tab. 3. In the All Penelope Users section, click Force Secure Login for All Users. SET UP A TRUSTED ADDRESS OR SMS PHONE NUMBER FOR THE FIRST TIME Prerequisite: Your System Administrator must enable 2-step logins using trust devices. The next time you log in to Penelope, you will be prompted to type the trusted address and/or SMS phone number. Before you begin: Browse to your Penelope database. When prompted, type your User name and Password. 1. If applicable, in the field, type a trusted address. 2. If applicable, in the SMS field, type a trusted SMS phone number. 3. On your keyboard, press Enter. UPDATE A TRUSTED ADDRESS AND/OR SMS PHONE NUMBER Prerequisite: You must be logged into your Penelope worker account. 1. In the My Profile sidebar, click View My Profile. 2. In the Personal Message Settings section, click Edit. 21
22 3. In the field, type a trusted address. 4. In the SMS field, type a trusted SMS phone number. VERIFICATION CODES ABOUT VERIFICATION CODES A verification code is a short code that is sent to a user via a trusted address or SMS phone number. The verification code must be entered into the login screen to access Penelope. You can configure the number of verification codes that can be sent to individual users and across the agency. Depending on the size of your agency, you may need to set a higher number of verification codes that can be sent across the system on a given day. If the maximum number of verification codes has been reached, the worker category that you set to receive authentication messages is notified. SET THE DAILY MAXIMUM NUMBER OF VERIFICATION CODES FOR USERS Use this setting to determine the maximum number of verification codes that an individual worker can receive per day. 4. In the Login settings section, in the Maximum verification codes per user per day field, type the maximum number of verification codes that a user can receive in a day. SET THE DAILY MAXIMUM NUMBER OF VERIFICATION CODES FOR YOUR AGENCY Use this setting to determine the maximum number of verification codes that can be sent across the agency per day. 4. In the Login settings, in the Maximum total verification codes per day field, type the maximum number of verification codes that can be sent for the whole agency. 22
23 SECURITY QUESTIONS ABOUT SECURITY QUESTIONS Security questions are a method of verifying the user s identity where only the user should know the answers to the questions. A System Administrator can set up a list of security questions that users can configure answers for. BEST PRACTICES: SECURITY QUESTIONS 1. Avoid using standard security questions available on Social Networking sites. 2. Avoid creating security questions that colleagues would know the answers to. 3. Create three times more questions for users to choose from than the number of answers you will require that they create. For example, if you require that users create three responses, you should create a minimum of 9 questions. 4. Consult your territorial, regional, or industry best practices to create specific security questions. SET THE MINIMUM NUMBER OF SECURITY QUESTIONS THAT USERS MUST CONFIGURE Security questions are used for user managed password reset and, optionally, for 2-step login authentication. You can set the minimum number of security questions that users must create answers for. Users will only be asked to provide an answer to one of the questions that they have configured. 3. In the Security questions section, next to Minimum number of security questions users must create answers for, click (edit). 4. In the Minimum number of questions users must create answers for field, type the minimum number of questions that you want staff members to create answers for. CREATE A LIST OF SECURITY QUESTION OPTIONS 3. In the Security questions section, click Add. 4. In the Question text field, type the desired security question. To add additional security questions, repeat steps
24 EDIT THE TEXT OF A SECURITY QUESTION You can only edit the text of an inactive security question. You cannot edit the text of an active security question because it may be in use by users and their answers may become inaccurate. 3. In the Security questions section, click the security question whose text you want to edit. 4. In the Question text field, edit the text as required. ACTIVATE A SECURITY QUESTION To allow users to make use of the security question that you ve created, you must activate the question. Caution: Once a security question is activated, the question cannot be edited, and it becomes available immediately for users to create answers for. 3. In the Security questions section, click the security question that you want to activate. 4. Click the Active option. DELETE A SECURITY QUESTION Caution: Deleting an active question will also delete any security question answer set up by a user. 3. In the Security questions section, click (-) icon next to the Security Question that you want to delete. 4. Click okay. SET UP SECURITY QUESTIONS RESPONSES FOR THE FIRST TIME Prerequisite: Your System Administrator must enable 2-step logins using security questions. The next time you log in to Penelope, you will be prompted to provide answers to the number of questions that your System Administrator has required. Before you begin: Browse to your Penelope database. When prompted, type your User name and Password. 1. Complete one of the following options: a. To respond to the first available question, in the answer field, type a response. b. To choose a different question to answer, click the arrow buttons next to the question. In the answer field, type a response. 2. Click Add. 24
25 3. Repeat steps 1 and 2 until you have created responses for at least the minimum number of questions required by your System Administrator. 4. Click Send. UPDATE YOUR SECURITY QUESTION RESPONSES Prerequisite: You must be logged into your Penelope worker account. 1. In the My Profile sidebar, click View My Profile. 2. In the Security Questions section, press the (-) icon to delete the security question you no longer want to use. 3. In the Security Questions section, click Add. 4. In the Question drop-down list, select a question to configure. 5. In the Answer field, type an answer. 6. Click Save. Depending on how many security questions that your System Administrator has required you to set up, repeat steps 2-5. USER MANAGED PASSWORD RESET ABOUT USER MANAGED PASSWORD RESET If trusted devices and security questions are enabled, you can make use of the new user managed password reset process. The user managed password reset feature allows a user to reset their own password. To reset their password, the user must enter the verification code that has been sent using their External Communication settings and input the correct response to their security question. ENABLE THE USER MANAGED PASSWORD RESET FEATURE The user managed password reset feature allows a user to reset their password using their trusted devices and security questions. You must also have 2- step logins enabled with at least one trusted device as well as security questions configured. 3. In the User managed password reset section, click enable. DISABLE THE USER MANAGED PASSWORD RESET FEATURE The user managed password reset feature allows a user to reset their password using their trusted devices and security questions. 25
26 3. In the User managed password reset section, click disable. RESET YOUR ACCOUNT PASSWORD Prerequisite: Your System Administrator must enable the User managed password reset feature. You can reset feature your own password using your trusted devices and the sent verification code. Before you begin: Browse to your Penelope database. 1. Click Reset account password. 2. In the User name field, type your user name. 3. On your keyboard, press Enter. A verification code will be sent to your trusted device(s). 4. In the Verification code field, type the verification code that was sent to your trusted device. 5. On your keyboard, press Enter. 6. In the New password field, type a new password. 7. In the Confirm password field, type the new password again. 8. On your keyboard, press Enter. MANAGE PASSWORDS ABOUT PASSWORDS The algorithm for passwords is designed to better counteract hacking attempts. Instead of requiring that you configure password requirements, passwords now must meet minimum security requirements based on mathematical difficulty to crack. Passwords should include a mixture of lower and uppercase letters, numbers, and symbols; you should combine the characters in such a way to create a lengthy password. SET HOW OFTEN USERS MUST CHANGE THEIR PASSWORDS You can configure how often users must change their passwords in Penelope. Users will be prompted to create a new password to access Penelope after the specified period of time and each time a System Administrator resets their password. New passwords cannot be the same as the last 10 passwords. 4. In the Login settings section, in the Passwords must be changed every field, type how often (in days) that users must change their passwords. FORCE ALL USERS TO RESET THEIR PASSWORD AT NEXT LOGIN 26
27 2. Click the Maintenance tab. 3. In the All Penelope Users section, click Force Password Reset for All Users. UNLOCK A USER ACCOUNT A user account is locked when one of the following actions occur: The user has 5 consecutive failed login attempts The System Administrator or Super User sets or resets a user s password and the user does not log in to the database within 3 days 2. Click the Maintenance tab. 3. In the Locked Accounts section, choose one of the following options: a. To unlock all locked accounts, click Select All. b. To unlock a specific account, select the adjacent checkbox. 4. Click Unlock. 27
CLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationAT&T Business Messaging Account Management
Account Management Administrator User Guide July 2016 1 Copyright 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T
More informationUser Guide. Version R94. English
AuthAnvil User Guide Version R94 English March 8, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated
More informationpenelope case management software DSS CONFIGURATION GUIDE FOR AGENCIES NEW TO DSS
penelope case management software DSS CONFIGURATION GUIDE FOR AGENCIES NEW TO DSS Last modified: June 24, 2015 TABLE OF CONTENTS getting started... 3 About this guide... 3 About the dss module... 3 Administrator
More informationRSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013
Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate
More informationUser Guide. Version R92. English
AuthAnvil User Guide Version R92 English October 9, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More informationOneLogin Integration User Guide
OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationConfiguration Guide - Single-Sign On for OneDesk
Configuration Guide - Single-Sign On for OneDesk Introduction Single Sign On (SSO) is a user authentication process that allows a user to access different services and applications across IT systems and
More informationAdobe Document Cloud esign Services. for Salesforce Version 17 Installation and Customization Guide
Adobe Document Cloud esign Services for Salesforce Version 17 Installation and Customization Guide 2015 Adobe Systems Incorporated. All rights reserved. Last Updated: August 28, 2015 Table of Contents
More informationPeoplePassword Documentation v6.0
PeoplePassword Documentation v6.0 Instructions to Configure and Use PeoplePassword v6.0, LLC Contents Overview... 3 Getting Started... 3 Components of PeoplePassword... 3 Core Components... 3 Optional
More information<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8
RSA SECURID ACCESS Implementation Guide PingIdentity John Sammon & Gina Salvalzo, RSA Partner Engineering Last Modified: February 27 th, 2018 Solution Summary Ping Identity
More informationMyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide
MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide REVISION RECORDS REVISION DATE DESCRIPTION 0 27 September 2017 Initial Submittal. 1 06 October 2017 Second Submittal. - 17 October
More informationUser Management in Resource Manager
CHAPTER 8 This section describes how to manage user profiles. Topics in this section include: Overview of User Management, page 8-1 Using User Management, page 8-1 Overview of User Management In Resource
More informationMessage Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
More informationHOTDOCS DOCUMENT SERVICES
HotDocs Document Services ~ February 2012 Page 1 HOTDOCS DOCUMENT SERVICES Getting Started in the Cloud AT A GLANCE Sign up for HotDocs Document Services Receive contract order confirmation email Install
More informationpenelope case management software ENGAGE CONFIGURATION GUIDE Compatible with Penelope v and higher
penelope case management software ENGAGE CONFIGURATION GUIDE Compatible with Penelope v4.6.1.0 and higher Last modified: May 12, 2016 TABLE OF CONTENTS Engage: The basics... 3 About Engage... 3 Configuring
More informationMyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide
MyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide i VISION RECORDS REVISION DATE DESCRIPTION 0 27 September 2017 Initial Submittal. 1 Second Submittal. ii TABLE OF CONTENTS
More information<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x
RSA SECURID ACCESS Implementation Guide Pulse Connect Secure 8.x Daniel R. Pintal, RSA Partner Engineering Last Modified: January 24 th, 2018 Solution Summary The Pulse
More informationA. Getting Started About e-access Enrolling in e-access: Authenticating your account Login... 5
Contents A. Getting Started... 3 1. About e-access... 3 2. Enrolling in e-access:... 3 3. Authenticating your account... 5 4. Login... 5 B. Fix a Problem... 6 1. Provided the wrong email address during
More informationEMS Platform Services Installation & Configuration Guides
EMS Platform Services Installation & Configuration Guides V44.1 Last Updated: August 7, 2018 EMS Software emssoftware.com/help 800.440.3994 2018 EMS Software, LLC. All Rights Reserved. Table of Contents
More informationRegions OnePass USER GUIDE. It s time to expect more. Regions Bank Member FDIC Revised
Regions OnePass USER GUIDE It s time to expect more. Regions Bank Member FDIC Revised 051616 User Guide Table of Contents Section I. Regions OnePass Basics 3 What Is Regions OnePass? 3 Minimum Browser
More informationGoogle Sync Integration Guide. VMware Workspace ONE UEM 1902
Google Sync Integration Guide VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,
More informationQUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because
1 RSA - 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new
More informationDSS User Guide. End User Guide. - i -
DSS User Guide End User Guide - i - DSS User Guide Table of Contents End User Guide... 1 Table of Contents... 2 Part 1: Getting Started... 1 How to Log in to the Web Portal... 1 How to Manage Account Settings...
More informationpenelope CONFIGURE MS EXCHANGE INTEGRATION WITH PENELOPE FOR OFFICE 365 (SaaS and ASP) ATHENA SOFTWARE Last updated: February 10, 2015
penelope CONFIGURE MS EXCHANGE INTEGRATION WITH PENELOPE FOR OFFICE 365 (SaaS and ASP) ATHENA SOFTWARE Last updated: February 10, 2015 enabling the ms exchange feature in penelope THE BASICS The MS Exchange
More informationPulse Workspace Appliance. Administration Guide
Pulse Workspace Appliance Administration Guide Product Release 2.0, 1743.1 Document Revisions 1.0 Published Date January 2018 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 The Pulse
More informationEasy Survey Creator: User s Guide
Easy Survey Creator: User s Guide The Easy Survey Creator software is designed to enable faculty, staff, and students at the University of Iowa Psychology Department to quickly and easily create surveys
More informationPowerSchool Student and Parent Portal User Guide. PowerSchool Student Information System
PowerSchool Student and Parent Portal User Guide PowerSchool Student Information System Released December 2016 Document Owner: Documentation Services This edition applies to Release 10.1 of the PowerSchool
More information2 Creating New CCQAS 2.8 User Accounts
2 Creating New CCQAS 2.8 User Accounts The deployment of CCQAS 2.8 which introduced the online privilege application, review, and approval functionality, significantly expanded the number of CCQAS users
More informationKYOCERA Net Admin User Guide
KYOCERA Net Admin User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable
More informationColligo Console. Administrator Guide
Colligo Console Administrator Guide Contents About this guide... 6 Audience... 6 Requirements... 6 Colligo Technical Support... 6 Introduction... 7 Colligo Console Overview... 8 Colligo Console Home Page...
More informationTenant Administration. vrealize Automation 6.2
vrealize Automation 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to
More informationUSER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0
USER MANUAL TABLE OF CONTENTS Introduction...1 Benefits of Customer Portal...1 Prerequisites...1 Installation...2 Salesforce App Installation... 2 Salesforce Lightning... 2 WordPress Manual Plug-in installation...
More informationHigh Availability Enabling SSL Database Migration Auto Backup and Auto Update Mail Server and Proxy Settings Support...
Quick Start Guide Table of Contents Overview... 4 Deployment... 4 System Requirements... 4 Installation... 6 Working with AD360... 8 Starting AD360... 8 Launching AD360 client... 9 Stopping AD360... 9
More informationRegions OnePassSM USER GUIDE. It s time to expect more. Regions Bank Member FDIC Revised
Regions OnePassSM USER GUIDE Regions Bank Member FDIC Revised 110614 It s time to expect more. Regions OnePass User Guide Table of Contents Section I. OnePass Basics 3 What Is OnePass? 3 Minimum Browser
More informationServiceNow Okta Identity Cloud for ServiceNow application Deployment Guide Okta Inc.
ServiceNow Okta Identity Cloud for ServiceNow application Deployment Guide Okta Identity Cloud for ServiceNow Configuring the Okta Application from the ServiceNow App Store Okta Inc. 301 Brannan Street
More informationApple Business Manager Beta Help v1.0
Apple Business Beta Help v1.0 Note: To see whether an Apple program is available in your country or region, go to the Apple Support article Availability of Apple programs for education and business. Overview
More informationVMware AirWatch Google Sync Integration Guide Securing Your Infrastructure
VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure Workspace ONE UEM v9.5 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard
More informationSophos Mobile. startup guide. Product Version: 8.5
Sophos Mobile startup guide Product Version: 8.5 Contents About this guide... 1 Sophos Mobile licenses... 2 Trial licenses...2 Upgrade trial licenses to full licenses... 2 Update licenses... 2 What are
More informationUnified Communications Manager Version 10.5 SAML SSO Configuration Example
Unified Communications Manager Version 10.5 SAML SSO Configuration Example Contents Introduction Prerequisites Requirements Network Time Protocol (NTP) Setup Domain Name Server (DNS) Setup Components Used
More informationWorkspace ONE UEM Directory Service Integration. VMware Workspace ONE UEM 1811
Workspace ONE UEM Directory Service Integration VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationCitiManager: Migration Quick Reference Guide for Cardholders
This Quick Reference Guide will help you: 1. How to register for CitiManager? a) Existing online statement cardholders only b) Paper statement cardholders only 2. Important Tips 3. View your Monthly Card
More informationTenant Administration
vcloud Automation Center 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationREACH Remote Deposit Capture
REACH Remote Deposit Capture Company Administration CONTENTS Introduction to REACH... 1 Overview of Roles... 1 Session Timeouts and Maintenance... 1 User Login... 2 Login via Online Cash Management...
More informationFinancial Center Administration Console USER GUIDE
Financial Center Administration Console USER GUIDE For Client Use Only Effective April 2018 Table of contents Introduction 3 Communicating securely with Union Bank 3 Change Security Settings 4 Manage
More informationContents. Introduction To CloudSync. 2. System Requirements...2. Installing CloudSync 2. Getting Started 4
Quick Start Guide Contents Introduction To CloudSync. 2 System Requirements...2 Installing CloudSync 2 Getting Started 4 1 Introduction To CloudSync On behalf of FilesAnywhere, we would like to welcome
More informationConfigure Guest Access
Cisco ISE Guest Services, page 1 Guest and Sponsor Accounts, page 2 Guest Portals, page 18 Sponsor Portals, page 34 Monitor Guest and Sponsor Activity, page 46 Guest Access Web Authentication Options,
More informationSecure Access Manager (SAM) Administrator Guide December 2017
Secure Access Manager (SAM) Administrator Guide December 2017 Copyright 2017 Exostar, LLC All rights reserved. 1 SECURE ACCESS MANAGER (SAM) OVERVIEW... 4 ADMINISTRATIVE ROLES OVERVIEW... 4 SAM NAVIGATIONAL
More informationUnity Connection Version 10.5 SAML SSO Configuration Example
Unity Connection Version 10.5 SAML SSO Configuration Example Document ID: 118772 Contributed by A.M.Mahesh Babu, Cisco TAC Engineer. Jan 21, 2015 Contents Introduction Prerequisites Requirements Network
More informationManage SAML Single Sign-On
SAML Single Sign-On Overview, page 1 Opt-In Control for Certificate-Based SSO Authentication for Cisco Jabber on ios, page 1 SAML Single Sign-On Prerequisites, page 2, page 3 SAML Single Sign-On Overview
More informationAuthentication. August 17, 2018 Version 9.4. For the most recent version of this document, visit our documentation website.
Authentication August 17, 2018 Version 9.4 For the most recent version of this document, visit our documentation website. Table of Contents 1 Authentication 4 1.1 Authentication mechanisms 4 1.2 Authentication
More informationCANVAS OBSERVER GUIDE
CANVAS OBSERVER GUIDE This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License Table of Contents Introduction...3 What is the Observer role?...4 How can I use Canvas
More informationIntroduction to application management
Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to
More informationSophos Mobile. startup guide. Product Version: 8.1
Sophos Mobile startup guide Product Version: 8.1 Contents About this guide... 1 Sophos Mobile licenses... 2 Trial licenses...2 Upgrade trial licenses to full licenses... 2 Update licenses... 2 What are
More informationPulse Secure Policy Secure
Policy Secure RSA SecurID Ready Implementation Guide Last Modified: November 19, 2014 Partner Information Product Information Partner Name Pulse Secure Web Site http://www.pulsesecure.net/ Product Name
More informationAdobe Document Cloud esign Services. for Salesforce Version 17 Upgrade Guide
Adobe Document Cloud esign Services for Salesforce Version 17 Upgrade Guide 2015 Adobe Systems Incorporated. All Rights Reserved. Last Updated: August 25, 2015 Table of Contents Upgrading from a previous
More informationBIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1
BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability
More informationSecure single sign-on for cloud applications
Secure single sign-on for cloud applications Secure single sign-on for cloud applications Traditional on-premises tools used to rule the IT environments of most organizations, but now cloud applications
More informationConfiguration Tab. Cisco WebEx Messenger Administration Guide 1
Overview, page 2 Organization Information, page 2 Domain Information, page 3 Resource Management Information, page 4 URL Configuration, page 5 Security Settings, page 6 Directory Settings, page 8 Password
More informationOneLogin SCIM. Table of Contents. Summary... 2 System Requirements... 2 Installation & Setup... 2 Contact Us... 6
OneLogin SCIM Table of Contents Summary... 2 System Requirements... 2 Installation & Setup... 2 Contact Us... 6 1 This guide provides set-up instructions for using LastPass with OneLogin as your Identity
More informationConfigure Guest Access
Cisco ISE Guest Services, page 1 Guest and Sponsor Accounts, page 2 Guest Portals, page 15 Sponsor Portals, page 30 Monitor Guest and Sponsor Activity, page 42 Guest Access Web Authentication Options,
More informationNaviance ID Login Reference Guide
Naviance ID Login Reference Guide Topic & Audience Topic: Naviance ID Staff Login Audience: Anyone with login credentials for Naviance. *Please note that this does not apply to any single sign-on users;
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationConfiguration Tab. Cisco WebEx Messenger Administration Guide 1
Overview, page 2 Organization Information, page 2 Domain Information, page 3 Resource Management Information, page 4 URL Configuration, page 5 Security Settings, page 6 Directory Settings, page 8 Password
More informationSetting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.8 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationAdministration. STILOG IST, all rights reserved
2 Table of Contents I. Admin Center... 1 1. ACCESS... 1 Starting the Admin Center application... 1 2. General Settings... 2 Home page... 3 Client... 4 Application... 5 VPPortal... 6 3. Password Configuration...
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationForeScout Extended Module for Tenable Vulnerability Management
ForeScout Extended Module for Tenable Vulnerability Management Version 2.7.1 Table of Contents About Tenable Vulnerability Management Module... 4 Compatible Tenable Vulnerability Products... 4 About Support
More informationAccount Management Settings section. Service Request Settings section
WebEx Site Configuration Audit Log The following settings are included in the CSV export of changes to the Configuration > Common Site Settings > Options page of WebEx Site Administration. Account Management
More informationContents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 Managing Companies Managing Password Policies...
Cloud Services Identity Management Administration Guide Version 17 July 2017 Contents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 About the User Administration Table...
More informationPasswords, PINs, and Authentication Rule Management
Passwords, PINs, and Authentication Rule Management In Cisco Unity Connection, authentication rules govern user passwords, PINs, and account lockouts for all user accounts. We recommend that you define
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for RadiantOne Cloud Federation Service (CFS) All information herein is either public information
More informationTenant Administration
vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationBBVA Compass Spend Net Payables
User Guide BBVA Compass Spend Net Payables User Guide Vault Services Table of Contents Introduction 2 Technical Requirements 2 Getting started 3 Sign In 3 General Navigation 4 Upload/Create Payment 5
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Workflow, page 5 Reconfigure OpenAM SSO to SAML SSO After an Upgrade, page 9 Prerequisites NTP Setup In SAML SSO, Network Time Protocol (NTP) enables clock
More informationNetwork Rail Brand Hub USER GUIDE
Network Rail Brand Hub USER GUIDE The Brand Hub Using keywords, visual thumbnails and a more upto-date online interface, the new Brand Hub will make searching, browsing and downloading images, templates
More informationVMware Workspace ONE UEM Integration with Apple School Manager
VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation
More informationVMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes
VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes Workspace ONE UEM v9.6 Have documentation feedback? Submit
More informationGetting Started with Community Gateway
Getting Started with Community Gateway For Mount Sinai PPS Partners (Non-Mount Sinai Employed) Mount Sinai PPS Mount Sinai PPS Getting Started with Community Gateway for Mount Sinai PPS Partners (Non-Mount
More informationUser Accounts for Management Access
The Firepower Management Center and managed devices include a default admin account for management access. This chapter discusses how to create custom user accounts for supported models. See Logging into
More informationSoftware Token. Installation and User Guide. 22 September 2017
Software Token Installation and User Guide 22 September 2017 Notices Following are policies pertaining to proprietary rights and trademarks. Proprietary Rights The information contained in this document
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Task Flow, page 5 Reconfigure OpenAM SSO to SAML SSO Following an Upgrade, page 9 SAML SSO Deployment Interactions and Restrictions, page 9 Prerequisites NTP
More informationVoter Registration System. User Guide. NJ SVRS v.1.1, r.0.1 The State of New Jersey, Division of Elections
Voter Registration System User Guide NJ SVRS v.1.1, r.0.1 The State of New Jersey, Division of Elections Table of Contents Chapter 1: Getting Started... 7 1.1 Audience... 7 1.2 Related Documentation...
More informationICE CLEAR EUROPE DMS GLOBAL ID CREATION USER GUIDE VERSION 1.0
ICE CLEAR EUROPE DMS GLOBAL ID CREATION USER GUIDE VERSION 1.0 August 2017 Date Version Description August 2017 1.0 Initial Draft 1. Single Sign On... 2 2. To register for SSO on the Global ID webpage...
More informationSecureAuth IdP Realm Guide
SecureAuth IdP Realm Guide What is a Realm? A realm is a configured workflow that leads end-users to a target resource (application, IdM page, certificate enrollment page, etc.). Each SecureAuth IdP realm
More informationRED IM Integration with Bomgar Privileged Access
RED IM Integration with Bomgar Privileged Access 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the
More informationVMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes
VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes AirWatch v9.3 Have documentation feedback? Submit a Documentation
More informationRSA Authentication Manager 7.1 Help Desk Administrator s Guide
RSA Authentication Manager 7.1 Help Desk Administrator s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationRSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]
s@lm@n RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ] Question No : 1 An RSA SecurID tokencode is unique for each successful authentication
More informationPolicy Library Training Guide
Policy Library Training Guide Getting Started There are several resources available to help you familiarize yourself with the Policy Library. Navigate to policy.ku.edu and click on Resources, and then
More informationD9.2.2 AD FS via SAML2
D9.2.2 AD FS via SAML2 This guide assumes you have an AD FS deployment. This guide is based on Windows Server 2016. Third Light support staff cannot offer assistance with 3rd party tools, so while the
More informationSafeNet Authentication Manager
SafeNet Authentication Manager Version 8.0 Rev A User s Guide Copyright 2010 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationIRONKEY D300S SECURE USB 3.0 FLASH DRIVE
IRONKEY D300S SECURE USB 3.0 FLASH DRIVE User Guide Document No. 48000130-001.A01 D300S Page 1 of 27 Table of Contents About This Manual... 3 System Requirements...3 Recommendations...3 Setup (Windows
More informationEnabling Single Sign-On Using Microsoft Azure Active Directory in Axon Data Governance 5.2
Enabling Single Sign-On Using Microsoft Azure Active Directory in Axon Data Governance 5.2 Copyright Informatica LLC 2018. Informatica and the Informatica logo are trademarks or registered trademarks of
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationISF Getting Started. Table of Contents
ISF Getting Started Table of Contents Overview of Getting Started... 2 ISF Application Conventions & Navigation... 3 How to Log In... 9 How to Log Out... 12 User Profile Page... 13 Overview of ISF Security
More informationSecurity We keep your security a priority
Welcome Welcome to Berkshire Bank s Business Solutions. With Business Solutions, you may access your accounts 24 hours a day, seven days a week anywhere an internet connection is available. This guide
More information