Difference between revisions of "Cloudwork.ID Settings"
Jump to navigation
Jump to search
| (19 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Cloudwork.ID Settings== | ==Cloudwork.ID Settings== | ||
| − | Located in the Cloudwork Dashboard>Settings>CloudworkID Settings | + | Located in the '''Cloudwork Dashboard'''>'''Side Bar'''>'''Settings'''>'''CloudworkID Settings'''<br> |
| − | + | The Cloudwork.ID Settings, allows Admins to configure: | |
| + | *The appearance of the Cloudwork.ID | ||
| + | *Actions that can be done in the Cloudwork.ID by users | ||
| + | *Password Requirements and options for when users change their password | ||
| + | *Account Recovery Templates | ||
| + | *Useful Links that IT admins can send to users | ||
===Look and Feel=== | ===Look and Feel=== | ||
| + | The settings in Look and Feel control the appearance of the Cloudwork.ID a detailed breakdown of how each field affects the appearance of the Cloudwork.ID can be found [https://wiki.studentnet.net/index.php/CloudworkID_themes here] | ||
| − | + | ===Features=== | |
| + | Settings for the Cloudwork.ID located under Features generally configures the Cloudwork.ID's appearance, what aspects of a user's own account settings a user can mange by themselves and whether users are allowed to view SSO Services a user can login to. | ||
| − | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Description of Features Table | |+ Description of Features Table | ||
| Line 20: | Line 26: | ||
|'''Recovery Information'''|| Configure whether users will be allowed to update their Recovery Information | |'''Recovery Information'''|| Configure whether users will be allowed to update their Recovery Information | ||
|- | |- | ||
| − | |'''Multifactor Authentication'''|| Configure whether users can add or delete MFA options to their account | + | |'''Multifactor Authentication'''|| Configure whether users can add or delete MFA options to their account. More information can be found here [https://wiki.studentnet.net/index.php/Multifactor_Authentication here] |
|- | |- | ||
|'''Disable Multifactor'''|| Configure whether users can disable MFA from their account, users can remove MFA options but must have at least one MFA option available if this option is active | |'''Disable Multifactor'''|| Configure whether users can disable MFA from their account, users can remove MFA options but must have at least one MFA option available if this option is active | ||
| Line 26: | Line 32: | ||
|'''Users must enable MFA'''|| Configure whether users must have MFA enabled before accessing any service | |'''Users must enable MFA'''|| Configure whether users must have MFA enabled before accessing any service | ||
|- | |- | ||
| − | |'''Allow Passwordless Login'''|| Configure whether users can set Passkey as an alternate login | + | |'''Allow Passwordless Login'''|| Configure whether users can set Passkey as an alternate login. More information can be found [https://wiki.studentnet.net/index.php/Category:Passkeys_and_Passwordless_Logins here] |
|- | |- | ||
|'''Let Users Configure Passwordless Login without enforcing MFA''' || Control whether users need to have MFA before setting up a Passkey | |'''Let Users Configure Passwordless Login without enforcing MFA''' || Control whether users need to have MFA before setting up a Passkey | ||
| Line 38: | Line 44: | ||
|'''Multifactor Methods''' || Control whether users can use SMS as an MFA option or not, this option is so school do not get charged extra for SMS cost listed in the [https://wiki.studentnet.net/index.php/2023_Cloudwork_pricing this documentation] | |'''Multifactor Methods''' || Control whether users can use SMS as an MFA option or not, this option is so school do not get charged extra for SMS cost listed in the [https://wiki.studentnet.net/index.php/2023_Cloudwork_pricing this documentation] | ||
|- | |- | ||
| − | |'''Reject Compromised Passwords''' || Control when a user updates their password, whether to check the user's password against the dark web via HaveIBeenPwned's.facility. More information located [https://haveibeenpwned.com/Passwords here]. The compromised dataset is up to date using HaveIBeenPwned's online anonymous API. | + | |'''Reject Compromised Passwords''' || Control when a user updates their password, whether to check the user's password against the dark web via HaveIBeenPwned's.facility. More information located [https://haveibeenpwned.com/Passwords here]. The compromised dataset is up to date using HaveIBeenPwned's online anonymous API. |
|- | |- | ||
| − | |'''Compromised Password Threshold''' || If Reject Compromised Passwords is enabled, a limit can be set for how many times the password has been seen before the password a user sets gets rejected | + | |'''Compromised Password Threshold''' || If Reject Compromised Passwords is enabled, a limit can be set for how many times the password has been seen before the password a user sets gets rejected. More information can be found [https://wiki.studentnet.net/index.php/Compromised_Password#Settings_related_to_Compromised_Password here] |
| + | |- | ||
| + | |'''Compromised Password Login Check'''|| Check is user's password has been compromised at logins and enable prompt to change password if password has been compromised | ||
| + | |- | ||
| + | |'''Compromised Password Login Change Threshold'''|| Number of days a user is allowed to skip a login password change after the first detection of a compromised password. Passing this threshold, users are forced to update password before allowing to continue with logins. | ||
|- | |- | ||
|'''Session Length''' || Control how long a user can stay logged in before being asked to re-authenticate | |'''Session Length''' || Control how long a user can stay logged in before being asked to re-authenticate | ||
| + | |} | ||
| + | |||
| + | ===Authentication Settings=== | ||
| + | |||
| + | Authentication settings handle how users log in. | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |+ Description of Authentication Settings Table | ||
| + | |- | ||
| + | ! Field Name!! Description | ||
| + | |- | ||
| + | |'''Primary IDP'''||If a Primary IDP is specified, once a users enters their username at the login screen, they will be redirected to their primary IDP to complete authentication. | ||
| + | |- | ||
| + | |'''Transparent Sign On Whitelist''' || IP addresses listed in this field, will be forced to login Cloudwork Authentication, instead of ADFS | ||
| + | |- | ||
| + | |'''Force Mobile Devices to always use Cloudwork'''|| Mobile devices can sometimes fail to authenticate properly if Network Layer SSO is enabled. Enable this option to force Android, iOS, and Windows Phone devices to always use Cloudwork Authentication | ||
| + | |- | ||
| + | |'''User Agent Whitelist'''|| Users listed in this field will not have to use Cloudwork Authentication. This is handy to only allow certain users to login via certain browsers | ||
| + | |- | ||
| + | |'''User Agent Blacklist'''|| Users listed in this field will have to use Cloudwork Authentication. This is handy to only disallow certain users to login via certain browsers | ||
| + | |- | ||
| + | |'''IP Addressing Blocking'''|| IP Addresses entered into this field will not be authenticate through Cloudwork | ||
| + | |- | ||
| + | |'''Country Blocking'''|| From the drop down 3 options can be selected: | ||
| + | *'''Allow all countries''': All countries are allowed to authenticate through Cloudwork | ||
| + | *'''Allowed only specified countries''': Only users logging in from specified countries are allowed to authenticate through Cloudwork, another form will appear underneath from which you can select which countries to allow. | ||
| + | *'''Block specified countries''': Only users logging in from non-specified countries are allowed to authenticate through Cloudwork, another form will appear underneath from which you can select which countries to allow. | ||
|} | |} | ||
===Password Settings=== | ===Password Settings=== | ||
| + | |||
| + | As part of changing passwords, Password Settings can allow IT admins to configure the requirements and restrictions for a password to be acceptable when a user changes their password via Cloudwork.ID, Password Expiry or Forgotten Password. | ||
| + | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Description of Password Settings Table | |+ Description of Password Settings Table | ||
| Line 61: | Line 101: | ||
|'''Block number sequences'''|| Configure whether users can set a sequence of numbers as their password, this option will not affect passwords that have already been set before the change was enabled | |'''Block number sequences'''|| Configure whether users can set a sequence of numbers as their password, this option will not affect passwords that have already been set before the change was enabled | ||
|- | |- | ||
| − | |'''Block personal details'''|| Configure whether users can include in their password, account details such as username, name, email | + | |'''Block personal details'''|| Configure whether users can include in their password, account details such as username, name, email, etc. This option will not affect passwords that have already been set before the change was enabled |
|- | |- | ||
|'''Phrase block list''' || Enter into the field, phrases/words that should not be used in the user's password. This option will not affect passwords that have already been set before the change was enabled | |'''Phrase block list''' || Enter into the field, phrases/words that should not be used in the user's password. This option will not affect passwords that have already been set before the change was enabled | ||
| Line 67: | Line 107: | ||
===Account Recovery Settings=== | ===Account Recovery Settings=== | ||
| + | |||
| + | While not directly affecting the Cloudwork.ID, the settings to configure the email or SMS a user receives when resetting passwords or recovering usernames via the Identity Provider/Login Screen are configured under the Account Recovery Settings.<br> | ||
| + | Setting to configure the user experince when resetting password or recovering username can be found [https://wiki.studentnet.net/index.php/Log_in_Theme here] | ||
| + | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Description of Account Recovery Settings Table | |+ Description of Account Recovery Settings Table | ||
| Line 72: | Line 116: | ||
! Field Name!! Description | ! Field Name!! Description | ||
|- | |- | ||
| − | |'''Show Nag Screen''' || If the option is enabled, users who have not entered user recovery details, at each login will get an extra prompt asking the user to add recovery details to their account | + | |'''Show Nag Screen''' || If the option is enabled, users who have not entered user recovery details, at each login will get an extra prompt asking the user to add recovery details to their account.<br> Further information can be found [https://wiki.studentnet.net/index.php/Nag_Screen here] |
|- | |- | ||
|'''Message Format'''|| For Password and Username Recovery, configure whether users can choose to receive recovery code via email or SMS, or force users to use specific method for recovery code | |'''Message Format'''|| For Password and Username Recovery, configure whether users can choose to receive recovery code via email or SMS, or force users to use specific method for recovery code | ||
|- | |- | ||
| − | |'''Forgot Password Email Template'''|| | + | |'''Forgot Password Email Template'''|| Select which Message Template should be used, when users forget their password and require a recovery email to be sent |
|- | |- | ||
| − | |'''Forgot Password SMS Template'''|| | + | |'''Forgot Password SMS Template'''|| Select which Message Template should be used, when users forget their password and require a recovery SMS to be sent |
|- | |- | ||
| − | |'''Forgot Username Email Template'''|| | + | |'''Forgot Username Email Template'''|| Select which Message Template should be used, when users forget their Username and require a recovery email to be sent |
|- | |- | ||
| − | |'''Forgot Username SMS Template'''|| | + | |'''Forgot Username SMS Template'''|| Select which Message Template should be used, when users forget their Username and require a recovery SMS to be sent |
|} | |} | ||
| − | https://wiki.studentnet.net/index.php/Password_Reset_Flow | + | *Documentation on the Password Reset flow can be found [https://wiki.studentnet.net/index.php/Password_Reset_Flow here] |
| + | *Documentation on creating Message Templates which can then be selected in the Account Recovery Settings [https://wiki.studentnet.net/index.php/Message_Templates here] | ||
===Useful Link=== | ===Useful Link=== | ||
| − | https://wiki.studentnet.net/index.php/Useful_Links | + | |
| + | List of links under CloudworkID Settings that make it easier to navigate to account recovery settings and CloudworkID Service Page Links listed, further documentation located [https://wiki.studentnet.net/index.php/Useful_Links here] | ||
| + | |||
| + | [[Category:Cloudwork.ID]] | ||
Latest revision as of 05:29, 16 April 2025
Contents
Cloudwork.ID Settings
Located in the Cloudwork Dashboard>Side Bar>Settings>CloudworkID Settings
The Cloudwork.ID Settings, allows Admins to configure:
- The appearance of the Cloudwork.ID
- Actions that can be done in the Cloudwork.ID by users
- Password Requirements and options for when users change their password
- Account Recovery Templates
- Useful Links that IT admins can send to users
Look and Feel
The settings in Look and Feel control the appearance of the Cloudwork.ID a detailed breakdown of how each field affects the appearance of the Cloudwork.ID can be found here
Features
Settings for the Cloudwork.ID located under Features generally configures the Cloudwork.ID's appearance, what aspects of a user's own account settings a user can mange by themselves and whether users are allowed to view SSO Services a user can login to.
| Field Name | Description |
|---|---|
| Cloudwork.ID Homepage | Configures whether users will be able to see the list of SSO Services available to them or will users only be able to their own account settings |
| Passwords | Configure whether users will be allowed to update their password |
| Recovery Information | Configure whether users will be allowed to update their Recovery Information |
| Multifactor Authentication | Configure whether users can add or delete MFA options to their account. More information can be found here here |
| Disable Multifactor | Configure whether users can disable MFA from their account, users can remove MFA options but must have at least one MFA option available if this option is active |
| Users must enable MFA | Configure whether users must have MFA enabled before accessing any service |
| Allow Passwordless Login | Configure whether users can set Passkey as an alternate login. More information can be found here |
| Let Users Configure Passwordless Login without enforcing MFA | Control whether users need to have MFA before setting up a Passkey |
| Enable Trusted Devices | As a feature of Multifactor, Users have the option when logging in to select I trust this device, don't ask again. This means for the next 30 days the user will not have to use a code for MFA. |
| Multifactor Authentication Whitelist | Enter IP Addresses or Address Ranges, so users logging in from specified IP Address/Range will not be prompted for MFA |
| Multifactor Push Alert Actions | This option is specific to the CloudworkID Authenticator App both Custom and normal, control whether users can accept MFA prompts the notifications icon or need to launch the CloudworkID Authenticator App to accept MFA requests |
| Multifactor Methods | Control whether users can use SMS as an MFA option or not, this option is so school do not get charged extra for SMS cost listed in the this documentation |
| Reject Compromised Passwords | Control when a user updates their password, whether to check the user's password against the dark web via HaveIBeenPwned's.facility. More information located here. The compromised dataset is up to date using HaveIBeenPwned's online anonymous API. |
| Compromised Password Threshold | If Reject Compromised Passwords is enabled, a limit can be set for how many times the password has been seen before the password a user sets gets rejected. More information can be found here |
| Compromised Password Login Check | Check is user's password has been compromised at logins and enable prompt to change password if password has been compromised |
| Compromised Password Login Change Threshold | Number of days a user is allowed to skip a login password change after the first detection of a compromised password. Passing this threshold, users are forced to update password before allowing to continue with logins. |
| Session Length | Control how long a user can stay logged in before being asked to re-authenticate |
Authentication Settings
Authentication settings handle how users log in.
| Field Name | Description |
|---|---|
| Primary IDP | If a Primary IDP is specified, once a users enters their username at the login screen, they will be redirected to their primary IDP to complete authentication. |
| Transparent Sign On Whitelist | IP addresses listed in this field, will be forced to login Cloudwork Authentication, instead of ADFS |
| Force Mobile Devices to always use Cloudwork | Mobile devices can sometimes fail to authenticate properly if Network Layer SSO is enabled. Enable this option to force Android, iOS, and Windows Phone devices to always use Cloudwork Authentication |
| User Agent Whitelist | Users listed in this field will not have to use Cloudwork Authentication. This is handy to only allow certain users to login via certain browsers |
| User Agent Blacklist | Users listed in this field will have to use Cloudwork Authentication. This is handy to only disallow certain users to login via certain browsers |
| IP Addressing Blocking | IP Addresses entered into this field will not be authenticate through Cloudwork |
| Country Blocking | From the drop down 3 options can be selected:
|
Password Settings
As part of changing passwords, Password Settings can allow IT admins to configure the requirements and restrictions for a password to be acceptable when a user changes their password via Cloudwork.ID, Password Expiry or Forgotten Password.
| Field Name | Description |
|---|---|
| Minimum Password Length | Configures the minimum length a user can update or set their password |
| Maximum Password Length | Configures the maximum length a user can update or set their password |
| Require Complexity | Configure whether users must follow password complexity rules when updating passwords. Further information on the specific conditions of password complexity can be found here |
| Days before Password Expiry Prompt | Configure how many days before the password expiry occurs, does a user get asked to change their password |
| Block number sequences | Configure whether users can set a sequence of numbers as their password, this option will not affect passwords that have already been set before the change was enabled |
| Block personal details | Configure whether users can include in their password, account details such as username, name, email, etc. This option will not affect passwords that have already been set before the change was enabled |
| Phrase block list | Enter into the field, phrases/words that should not be used in the user's password. This option will not affect passwords that have already been set before the change was enabled |
Account Recovery Settings
While not directly affecting the Cloudwork.ID, the settings to configure the email or SMS a user receives when resetting passwords or recovering usernames via the Identity Provider/Login Screen are configured under the Account Recovery Settings.
Setting to configure the user experince when resetting password or recovering username can be found here
| Field Name | Description |
|---|---|
| Show Nag Screen | If the option is enabled, users who have not entered user recovery details, at each login will get an extra prompt asking the user to add recovery details to their account. Further information can be found here |
| Message Format | For Password and Username Recovery, configure whether users can choose to receive recovery code via email or SMS, or force users to use specific method for recovery code |
| Forgot Password Email Template | Select which Message Template should be used, when users forget their password and require a recovery email to be sent |
| Forgot Password SMS Template | Select which Message Template should be used, when users forget their password and require a recovery SMS to be sent |
| Forgot Username Email Template | Select which Message Template should be used, when users forget their Username and require a recovery email to be sent |
| Forgot Username SMS Template | Select which Message Template should be used, when users forget their Username and require a recovery SMS to be sent |
- Documentation on the Password Reset flow can be found here
- Documentation on creating Message Templates which can then be selected in the Account Recovery Settings here
Useful Link
List of links under CloudworkID Settings that make it easier to navigate to account recovery settings and CloudworkID Service Page Links listed, further documentation located here
