Authentication Settings

Authentication Settings

Authentication Settings handle settings on how users log in.

Location

To get to the Authentication settings:

1. In the Cloudwork dashboard, click the menu bar>Settings>Authentication Settings

Fields

• SameSite settings for cookies: Determine whether a cookie is available in third party contexts
  • None: None should be selected so iframes will work
  • Lax: support legacy devices
  • Strict strictest privacy protections on their cookies
• Prefix Whitelist: Domain Names entered in this field, will accept users logging in with their email instead of username
• Login Identifier: Select from drop down how users can login
• Transparent Sign On Whitelist IP addresses listed in this field, will be forced to login Cloudwork Authentication, instead of ADFS
• User Agent Whitelist Users listed in this field will not have to use Cloudwork Authentication. This is handy to only allow certain users to login via certain browsers
• User Agent Blacklist: Users listed in this field will have to use Cloudwork Authentication. This is handy to only disallow certain users to login via certain browsers
• IP Addressing Blocking: IP Addresses entered into this field will not be authenticate through Cloudwork
• Country Blocking: From the drop down 3 options can be selected:
  • Allow all countries: All countries are allowed to authenticate through Cloudwork
  • Allowed only specified countries: Only user logging in from specified countries are allowed to authenticate through Cloudwork, another form will appear underneath from which you can select which countries to allow.
• IP Address Blocking: Comma separated list of IP Addresses, users accessing from any of the listed addresses will be blocked.
  • Country Blocking: Users logging in from specified countries are not allowed to authenticate through Cloudwork, another form will appear underneath from which you can select which countries to block.
• Allowed Logout Domains: Allows for the filtering of logout URLs, IDP-first logout URLs should only work if they're listed in the Allowed Logout Domain field.
• Allowed Third Party Authentication Providers: Listed Third Party Authentication partners that users are allowed to login through
• Require Third Party Authentication Verification: Controls whether to trust email attribute from third-party authentication providers to link accounts. If enabled, all users logging in for the first time with a third-party account will need to complete the email based account verification workflow.
• Third Party Authentication OUs: List of OUs that allow users to login with the enabled third-party authentication providers
• Third Party Auth IP Filtering: Select option to allow or deny login from specified IPs to third party auth providers. (Deny/Allow)
• Third Party Auth Deny IPs: Comma separated list of IP addresses. Users from these IPs will not see the option to login with a third-party authentication provider.
• MFA App Number Matching: Whether number matching is enabled in the Cloudwork MFA app. Note that if you require number matching, users may need to update their MFA app before they can login. Pick between Do not use, use if able, or required.