Difference between revisions of "Authentication Settings"

From Studentnet Wiki
Jump to navigation Jump to search
 
(12 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
===Location===
 
===Location===
 
To get to the Authentication settings:  
 
To get to the Authentication settings:  
# In the Cloudwork dashboard, click the menu bar>'''settings'''>'''Authentication Settings'''
+
#In the Cloudwork dashboard, click the menu bar>'''Settings'''>'''Authentication Settings'''
  
 
[[File:Menu.png|300px]]
 
[[File:Menu.png|300px]]
  
 
===Fields===
 
===Fields===
[[File:Authentication setting snapshot.PNG]]
+
[[File:Authenticationsettings1.png | 1600px]]
  
*'''Enable Remember Me''': Display a Remember Me checkbox on the log in page to allow users to stay signed in after they close their browser
 
*'''Remember Me Period''': Customise how many days a user can remain logged in for before requiring to sign in again.
 
 
*'''SameSite settings for cookies''': Determine whether a cookie is available in third party contexts
 
*'''SameSite settings for cookies''': Determine whether a cookie is available in third party contexts
 
**'''None''': None should be selected so iframes will work
 
**'''None''': None should be selected so iframes will work
Line 20: Line 18:
 
*'''Prefix Whitelist''': Domain Names entered in this field, will accept users logging in with their email instead of username
 
*'''Prefix Whitelist''': Domain Names entered in this field, will accept users logging in with their email instead of username
 
*'''Login Identifier''': Select from drop down how users can login
 
*'''Login Identifier''': Select from drop down how users can login
 +
*'''Legacy Transparent Sign On Whitelist''' IP addresses listed in this field, will be forced to login Cloudwork Authentication, instead of ADFS
 +
*'''Legacy User Agent Whitelist''' Users listed in this field will not have to use Cloudwork Authentication. This is handy to only allow certain users to login via certain browsers
 +
*'''Legacy User Agent Blacklist''': Users listed in this field will have to use Cloudwork Authentication. This is handy to only disallow certain users to login via certain browsers
 +
*'''Allowed Logout Domains''': Allows for the filtering of logout URLs, IDP-first logout URLs should only work if they're listed in the Allowed Logout Domain field.
 +
*'''Allowed Third Party Authentication Providers''': Listed Third Party Authentication partners that users are allowed to login through
 +
*'''Require Third Party Authentication Verification''': Controls whether to trust email attribute from third-party authentication providers to link accounts. If enabled, all users logging in for the first time with a third-party account will need to complete the email based account verification workflow.
 +
*'''Third Party Authentication OUs''': List of OUs that allow users to login with the enabled third-party authentication providers
 +
*'''Third Party Auth IP Filtering''': Select option to allow or deny login from specified IPs to third party auth providers. (Deny/Allow)
 +
*'''Third Party Auth Deny IPs''': Comma separated list of IP addresses. Users from these IPs will not see the option to login with a third-party authentication provider.
 +
*'''MFA App Number Matching''': Whether number matching is enabled in the Cloudwork MFA app. Note that if you require number matching, users may need to update their MFA app before they can login. Pick between Do not use, use if able, or required.
 +
 +
<!--
 +
*'''Enable Remember Me''': Display a Remember Me checkbox on the log in page to allow users to stay signed in after they close their browser
 +
*'''Remember Me Period''': Customise how many days a user can remain logged in for before requiring to sign in again.
 
**'''Username and Primary Email''': Users can sign in with username or primary email address
 
**'''Username and Primary Email''': Users can sign in with username or primary email address
 
**'''Username and all email addresses''': Users can sign in with username or all email addresses
 
**'''Username and all email addresses''': Users can sign in with username or all email addresses
**'''Username Only''': Users can only sign in with username
+
**'''Username Only''': Users can only sign in with username -->
*'''IP Address Whitelist''' IP addresses listed in this field, will be forced to login Cloudwork Authentication, instead of ADFS
+
 
*'''User Agent Whitelist''' Users listed in this field will not have to use Cloudwork Authentication. This is handy to only allow certain users to login via certain browsers
 
*'''User Agent Blacklist''': Users listed in this field will have to use Cloudwork Authentication. This is handy to only disallow certain users to login via certain browsers
 
*'''IP Addressing Blocking''': IP Addresses entered into this field will not be authenticate through Cloudwork
 
*'''Country Blocking''': From the drop down 3 options can be selected:
 
**'''Allow all countries''': All countries are allowed to authenticate through Cloudwork
 
**'''Allowed only specified countries''': Only user logging in from specified countries are allowed to authenticate through Cloudwork, another form will appear underneath from which you can select which countries to allow.
 
**'''Block specified countries''': Users logging in from specified countries are not allowed to authenticate through Cloudwork, another form will appear underneath from which you can select which countries to block.
 
  
 
[[Category:Cloudwork Dashboard]]
 
[[Category:Cloudwork Dashboard]]

Latest revision as of 06:30, 15 April 2025

Authentication Settings

Authentication Settings handle settings on how users log in.

Location

To get to the Authentication settings:

  1. In the Cloudwork dashboard, click the menu bar>Settings>Authentication Settings

Menu.png

Fields

Authenticationsettings1.png

  • SameSite settings for cookies: Determine whether a cookie is available in third party contexts
    • None: None should be selected so iframes will work
    • Lax: support legacy devices
    • Strict strictest privacy protections on their cookies
  • Prefix Whitelist: Domain Names entered in this field, will accept users logging in with their email instead of username
  • Login Identifier: Select from drop down how users can login
  • Legacy Transparent Sign On Whitelist IP addresses listed in this field, will be forced to login Cloudwork Authentication, instead of ADFS
  • Legacy User Agent Whitelist Users listed in this field will not have to use Cloudwork Authentication. This is handy to only allow certain users to login via certain browsers
  • Legacy User Agent Blacklist: Users listed in this field will have to use Cloudwork Authentication. This is handy to only disallow certain users to login via certain browsers
  • Allowed Logout Domains: Allows for the filtering of logout URLs, IDP-first logout URLs should only work if they're listed in the Allowed Logout Domain field.
  • Allowed Third Party Authentication Providers: Listed Third Party Authentication partners that users are allowed to login through
  • Require Third Party Authentication Verification: Controls whether to trust email attribute from third-party authentication providers to link accounts. If enabled, all users logging in for the first time with a third-party account will need to complete the email based account verification workflow.
  • Third Party Authentication OUs: List of OUs that allow users to login with the enabled third-party authentication providers
  • Third Party Auth IP Filtering: Select option to allow or deny login from specified IPs to third party auth providers. (Deny/Allow)
  • Third Party Auth Deny IPs: Comma separated list of IP addresses. Users from these IPs will not see the option to login with a third-party authentication provider.
  • MFA App Number Matching: Whether number matching is enabled in the Cloudwork MFA app. Note that if you require number matching, users may need to update their MFA app before they can login. Pick between Do not use, use if able, or required.
Retrieved from "https://wiki.studentnet.net/index.php?title=Authentication_Settings&oldid=2650"