This section contains settings for controlling and tracking user logins, for the complexity of the passwords users choose, and for authorization options that increase security. To work with the section, connect it and grant access to a user group in the "Groups access rights" menu.
The section contains three tabs with settings.
1. Authentication settings. A set of restrictions on user logins to the system; some of them are applied to user groups:
- Remember me - gives you the option of not having to enter your password every time.
- Verify IP - when the user logs in from a different IP address, they will be prompted to enter the password.
- Remember me after X days - the number of days the system will remember your login data and will not ask you for the password.
- Number of attempts to login - useful when someone tries to guess a password by going through variants: the system blocks a user who has exceeded the specified number of attempts.
2. Password policy. A set of rules that improve security by checking passwords and requiring users to change them. This policy can be part of official requirements and company rules. You can read more about each setting in the "Configuring the EddyDesk system user password policy" article.
Single Sign-On (SSO) - a technology that combines several different login screens for different platforms into one. With single sign-on, a user only needs to enter their credentials (username, password, etc.) once on one page to gain access to all of their SaaS applications. SSO is not only much easier and more convenient for users, but it is also considered more secure.
Read more about the options and examples of connections already implemented in the article "Single sign-on - SSO SAML integration with EddyDesk (OneLogin, Okta)".
How to set up integration with LDAP/Active Directory:
- Check the "Use LDAP for authentication" checkbox;
- Configure the system according to your server settings;
Users will be synchronized after saving the settings.
Let's look at the features of LDAP in EddyDesk:
- You can use tags in the "Dispatcher" (they are also added to the API).
- The LDAP email must match the system email; authorization will be canceled if the emails do not match. For example, if you assign an email to users, they won't be able to log in with the Active Directory account. In that case you will need to use one of these options:
  - Remove the email from LDAP; it will then be created in the form email@example.com;
  - Return the email from LDAP for the user under the corresponding login.
- The "Account suffix" field is not mandatory when connecting. You can specify only one suffix in this field, e.g. @ed.com; it works as a restriction and allows users with that domain to log on by name only. If you have several domains in Active Directory, this field is left empty and users can log in under any domain by specifying it together with their name, for example firstname.lastname@example.org.
- Contacts are synchronized and added from AD by pulling the information from the samaccountname field; if the full email is written there, the system will display its value. Contacts are synchronized automatically, one by one, after successful authorization. There are two ways to work with synchronization in the system:
  - If synchronization is used only for authorization, it can be disabled: accounts will be created when users try to log in and will be updated the same way every time they log back in.
  - If you leave synchronization enabled, accounts must be created. The LDAP username shown in the card may not coincide with what you type, but the user can still log in under this account without problems by typing the login with the suffix (email@example.com) that coincides with the email in the system.
If these variants don't work for some reason, please contact our support team. Our colleagues will help you correct synchronization and make changes to get rid of suffixes, and will advise you on any other questions.
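
A pre-flight check for the email-matching rule described above, as an added example that is not part of EddyDesk or its documentation: it compares a directory export with the help desk user list and flags accounts whose authorization would be canceled. The record layout, the pairing of samaccountname with the system login, and all sample data are assumptions constructed for illustration.

```python
# Constructed sample data: a directory export and the help desk user list.
LDAP_ENTRIES = [
    {"samaccountname": "a.ivanova", "mail": "a.ivanova@ed.com"},
    {"samaccountname": "b.chen", "mail": "B.Chen@ed.com"},
    {"samaccountname": "c.diaz", "mail": "c.diaz@corp.example"},
    {"samaccountname": "d.novak", "mail": ""},
    {"samaccountname": "e.okoro", "mail": "e.okoro@ed.com"},
]
SYSTEM_USERS = [
    {"login": "a.ivanova", "email": "a.ivanova@ed.com"},
    {"login": "b.chen", "email": "b.chen@ed.com"},
    {"login": "c.diaz", "email": "c.diaz@ed.com"},
    {"login": "d.novak", "email": "d.novak@ed.com"},
]


def audit_email_match(ldap_entries, system_users):
    """Classify each directory account by how its mail compares with the system email."""
    # Assumption: the system login corresponds to samaccountname (case-insensitive).
    system = {u["login"].lower(): u["email"].strip() for u in system_users}
    report = {}
    for entry in ldap_entries:
        login = entry["samaccountname"].lower()
        ldap_mail = (entry.get("mail") or "").strip()
        if login not in system:
            status = "no_system_account"   # nothing to compare against yet
        elif not ldap_mail:
            status = "no_ldap_email"       # the "remove email from LDAP" option
        elif ldap_mail == system[login]:
            status = "match"
        elif ldap_mail.lower() == system[login].lower():
            status = "case_differs"        # how case is compared is unknown: review
        else:
            status = "mismatch"            # per the rule, authorization is canceled
        report[login] = status
    return report


def needs_attention(report):
    """Logins an administrator should fix before enabling LDAP authentication."""
    return sorted(l for l, s in report.items() if s in ("mismatch", "case_differs"))


if __name__ == "__main__":
    for login, status in audit_email_match(LDAP_ENTRIES, SYSTEM_USERS).items():
        print(f"{login:12} {status}")
```
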