Cloudwork.ID Settings

From Studentnet Wiki
Jump to navigation Jump to search

Cloudwork.ID Settings

Located in the Cloudwork Dashboard>Side Bar>Settings>CloudworkID Settings
The Cloudwork.ID Settings, allows Admins to configure:

  • The appearance of the Cloudwork.ID
  • Actions that can be done in the Cloudwork.ID by users
  • Password Requirements and options for when users change their password
  • Account Recovery Templates
  • Useful Links that IT admins can send to users

Look and Feel

The settings in Look and Feel control the appearance of the Cloudwork.ID a detailed breakdown of how each field affects the appearance of the Cloudwork.ID can be found here

Features

Description of Features Table
Field Name Description
Cloudwork.ID Homepage Configures whether users will be able to see the list of SSO Services available to them or will users only be able to their own account settings
Passwords Configure whether users will be allowed to update their password
Recovery Information Configure whether users will be allowed to update their Recovery Information
Multifactor Authentication Configure whether users can add or delete MFA options to their account
Disable Multifactor Configure whether users can disable MFA from their account, users can remove MFA options but must have at least one MFA option available if this option is active
Users must enable MFA Configure whether users must have MFA enabled before accessing any service
Allow Passwordless Login Configure whether users can set Passkey as an alternate login
Let Users Configure Passwordless Login without enforcing MFA Control whether users need to have MFA before setting up a Passkey
Enable Trusted Devices As a feature of Multifactor, Users have the option when logging in to select I trust this device, don't ask again. This means for the next 30 days the user will not have to use a code for MFA.
Multifactor Authentication Whitelist Enter IP Addresses or Address Ranges, so users logging in from specified IP Address/Range will not be prompted for MFA
Multifactor Push Alert Actions This option is specific to the CloudworkID Authenticator App both Custom and normal, control whether users can accept MFA prompts the notifications icon or need to launch the CloudworkID Authenticator App to accept MFA requests
Multifactor Methods Control whether users can use SMS as an MFA option or not, this option is so school do not get charged extra for SMS cost listed in the this documentation
Reject Compromised Passwords Control when a user updates their password, whether to check the user's password against the dark web via HaveIBeenPwned's.facility. More information located here. The compromised dataset is up to date using HaveIBeenPwned's online anonymous API.
Compromised Password Threshold If Reject Compromised Passwords is enabled, a limit can be set for how many times the password has been seen before the password a user sets gets rejected
Session Length Control how long a user can stay logged in before being asked to re-authenticate

Password Settings

Description of Password Settings Table
Field Name Description
Minimum Password Length Configures the minimum length a user can update or set their password
Maximum Password Length Configures the maximum length a user can update or set their password
Require Complexity Configure whether users must follow password complexity rules when updating passwords. Further information on the specific conditions of password complexity can be found here
Days before Password Expiry Prompt Configure how many days before the password expiry occurs, does a user get asked to change their password
Block number sequences Configure whether users can set a sequence of numbers as their password, this option will not affect passwords that have already been set before the change was enabled
Block personal details Configure whether users can include in their password, account details such as username, name, email, etc. This option will not affect passwords that have already been set before the change was enabled
Phrase block list Enter into the field, phrases/words that should not be used in the user's password. This option will not affect passwords that have already been set before the change was enabled

Account Recovery Settings

Description of Account Recovery Settings Table
Field Name Description
Show Nag Screen If the option is enabled, users who have not entered user recovery details, at each login will get an extra prompt asking the user to add recovery details to their account.
Further information can be found here
Message Format For Password and Username Recovery, configure whether users can choose to receive recovery code via email or SMS, or force users to use specific method for recovery code
Forgot Password Email Template Configure whether users must follow password complexity rules when updating passwords. Further information on the specific conditions of password complexity can be found here
Forgot Password SMS Template Configure how many days before the password expiry occurs, does a user get asked to change their password
Forgot Username Email Template Configure whether users can set a sequence of numbers as their password, this option will not affect passwords that have already been set before the change was enabled
Forgot Username SMS Template Configure whether users can include in their password, account details such as username, name, email, sisid, etc. This option will not affect passwords that have already been set before the change was enabled
  • Documentation on the Password Reset flow can be found here
  • Documentation on creating Message Templates which can then be selected in the Account Recovery Settings

Useful Link

https://wiki.studentnet.net/index.php/Useful_Links