Changes

Login Page

210 bytes removed, 15:12, 13 August 2019
Privacy and Security Policies
# Reset your password
This article will show you how to set up and modify login pages within your system, and we will look at other related settings.
[[File:Example of login page.png|thumb|none|500px|In the above example the login section and the language drop down that enables you to switch to the other language specific login pages are both highlighted. ]]
==Agreeing to Cookies==
When we talk about cookies, we are referring to a small piece of data stored on a user’s computer. Under the [https://en.wikipedia.org/wiki/HTTP_cookie#EU_cookie_directive EU Cookie directive], your users must be made aware of, and consent to, cookies.
The first time a user comes to your system they will be presented with an alert explaining that SmartSimple uses cookies. It also states that by using the system they are consenting to the use of cookies. The user can click '''OK''' to accept or navigate away. There is also a link to a longer description which explains what cookies are being used and the purpose of each cookie.
We recommend that you leave this setting on at all times. However, it is possible to disable the cookie warning: go to Menu Icon > '''Global Settings''' > '''Security''' and toggle off '''Enable Cookie Usage Acceptance'''.
[[File:cookies.jpg|thumb|none|500px|The Cookies acceptance alert shown to all users first time they visit your system.]]
 
==Privacy and Security Policies==
Within your system you will need to set up Privacy and Security Policies. You will set these policies up for several language and country combinations. Typically a privacy policy will say what type of information you collect, why it is collected, how it is collected, what you will use the information for, who will have access to the information, how users will be notified of changes to the policy, and who to contact regarding privacy concerns.
 
Learn more about [[Configuring_Privacy,_Confidentiality_and_Other_Policies|Configuring Privacy and Security Policies]]
 
The login page will have a button called '''Privacy & Security Policies''' in the main panel below the email and password inputs.
 
If you have chosen a date for Enforce User Acceptance the user will be brought directly to your policies upon login.
 
==Forgot Password==
 
A forgot password link appears by default on the login page.
 
Users can enter an email address; if a user with access has that email address, the system will email instructions to that user so they can change their password.
 
If you do not receive an email within a few minutes check your spam/junk mail folder.
The forgot password email sent to users can be configured by doing the following:
 
# Go to Menu icon > '''Global Settings''' > '''Security''' tab > '''Password and Activation Policies''' link > '''Activation Email Templates''' tab > scroll down to '''Request Password'''.
# Modify the content as desired.
# Press '''Save'''.
 
=Configuration - Advanced=
==CAPTCHA on the Login==
If you enter the wrong email and password into the login page twice you will see a CAPTCHA. CAPTCHA stands for “Completely Automated Public Turing Test to tell Computers and Humans Apart”. It is used in this case to verify that a person, and not an automated program, is attempting to log in.
 
[[File:captcha-login.jpg|thumb|none|500px|CAPTCHA displayed after wrong email and password combination entered]]
 
You can toggle the CAPTCHA on or off for your entire system by going to Menu icon > Global Settings > Security tab and choosing either enabled or disabled. The inherit choice only affects signup pages and will not disable CAPTCHA on the login.
Note that you can also choose to bypass the use of CAPTCHA for users in countries that are unable to communicate with CAPTCHA servers because of government policy. This is done by selecting a country such as China in the bypass setting.
 
[[File:Recaptcha.png|thumb|none|500px|Global CAPTCHA Settings]]
 
==Popup Blocker Check==
The login page can be configured to check whether users have a pop-up blocker enabled. If the user does have a popup blocker enabled they will receive a warning with a suggestion that they disable their pop-up blocker.
Typically we leave this check disabled and do not warn users that they are using a pop up blocker.
 
[[File:popup-blocker.jpg|thumb|none|500px|text]]
 
If you choose you can enable this check and warning message by doing the following.
 
# Go to menu icon > '''Global Settings''' > '''Branding''' tab > '''Login Pages''' link > edit the desired login page.
# Go to the '''Template''' tab.
# Inside the '''Login Page Template''' text area search for '''disabled="disabled"'''
# Remove the '''disabled="disabled"''' text.
# Press '''Save'''.
 
==Alternate Login Pages==
The '''Alternate''' tab from the Login Page list view is used to view and create multiple custom login pages for various groups of users within the same system. It uses a virtual alias to mask the instance [[URL]].
 
When you click the '''+ '''icon at the top of the '''Alternate '''tab to create a '''New Alternate Login Page, '''you will be brought to the following form: 
 
:: [[File:Alternate login pages.png|800px|border]]
{| class="wikitable"
|-
||'''Login Page Name'''
||Name of the virtual alias login page
|-
||'''Description'''
||Description of the virtual alias login page
|-
||'''Scope Organization'''
||Lookup that allows the virtual alias login page to be restricted to users in the selected organization
|-
||'''Virtual Folder Name'''
||User adds a name such as "grants," and then you can direct different users to appropriate logins
|-
||'''Web Alias'''
||User enters the alias they want - for example, "gms" - instead of the instance-defined alias
|-
||'''Persistent Cookies'''
||Enable or disable persistent cookies. Rather than having to log into SmartSimple each time you open your web browser, a "cookie" can be installed on your computer that will automatically authenticate you, allowing you to bypass the login screen and having to re-enter your credentials. 
|-
||'''Attach User Identifier'''
||
|-
||'''Encrypt URL'''
||Enable or disable the encryption of the URL
|-
||'''Redirect URL'''
||Enter URL for users to be redirected to upon successful login
|-
||'''Primary Role'''
||Select from the available system roles to choose the primary default role that a user will have when they log in from this alternate login page. This function is used to force the user to see the correct portal.
|-
||'''Login Type'''
||
Select from the drop-down for the three available options: All Users, Activated Users Only, No Access 
 
|-
||'''User Field'''
||This is the field that will be used on the login page to uniquely identify the specific user when they log in. This is typically set to '''Email Address. '''
|-
||'''Password Field'''
||This is the field on the login page that will be used to capture the user password when they login.
|-
||'''Login Error Message'''
||This is the error message that will appear on the login page after a failed login attempt. 
|-
||'''Login Page Content'''
||'''Insert Sample Template - '''Click this hyperlink to autopopulate the text window with a sample template for a login page. Otherwise, you can insert in your own customized content. You can use the '''HTML Editor '''button at the bottom in order to open a pop-up that displays the content as it will be shown to the user from the HTML. 
|}
==Login Security Features==
Login security is related to the '''System Security '''section of your [[SmartSimple]] copy. In order to disable or enable certain security measures relating to the process of logging in and out of SmartSimple, follow these steps: 
 
1. Click on the 9-square menu icon on the top right of your page.
 
:: {{Icon-Menu}} 
2. Under the heading '''Configuration, '''select '''[[Global Settings]].'''
 
3. Click on the tab called '''Security.'''
 
4. Scroll down until you see the subheading '''System Security. '''
 
Many system security features will be listed, with a certain few pertaining to login and logout activity for users. These are outlined in red in the screenshot below, and each explained in greater detail in the subsections. 
 
:: [[File:Login security.png|700px|border]]
For more information regarding aspects of system security not just related to logging in and out, please see our [[Security Settings]] page.
 
===Enable Logout===
Enabling this function will terminate the session and automatically log out the user when they navigate to a different website, close the browser, or click '''Logout. '''
 
===Disable External Login Shortcut===
This function will disable the use of the external login shortcut from the URL. '''Because there are security implications to using the external login shortcut (see below), disabling the feature completely is a good preventative measure.'''
 
=====What is the External Login Shortcut?=====
This function allows you to ''bypass ''Login Page Scripting that you have added to the Login Page. However, this technique should only be used when it is completely necessary because there are numerous security implications: 
 
* The URL being opened may be available to other users on the same machine on which you are browsing
* The URL retrieved from the remote machine may be logged elsewhere (e.g. Proxy Server history, DNS server)
* Your browser history may retain the URL, '''including your password'''
 
The conditions for when you should use this technique include: 
 
* When the '''Login Page Scripting '''is not functioning correctly
* When you ''clone'' a copy of [[SmartSimple]] and the original copy contains a Login Script that prevents you from accessing the clone
 
<pre> Never save this URL as a browser shortcut because the username and the password are exposed. </pre>
To employ this method of accessing your SmartSimple [[instance]], you use the following type of URL:
 
: http://Alias.smartsimple.biz/exlogin.jsp?alias=alias&user=username&password=password
* '''exlogin.jsp '''is case-sensitive
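
Because the shortcut URL carries the password in its query string, any proxy or web log that recorded such a request holds a credential. The following is an added example, not SmartSimple code, that masks the password in log lines and lists the accounts that should have their passwords reset; the log layout, sample lines and function names are assumptions.

```javascript
// Added example: redact passwords that the exlogin.jsp URL form leaves in logs.
// The parameter names (alias, user, password) come from the URL shown above;
// the log layout and every sample line below are constructed.
const SAMPLE_LOG = [
  '2019-08-13T15:02:11Z 10.0.0.5 GET http://Alias.smartsimple.biz/exlogin.jsp?alias=alias&user=jane%40example.org&password=Sample%21Pass1 200',
  '2019-08-13T15:03:40Z 10.0.0.7 GET /index.html 200',
  '2019-08-13T15:04:02Z 10.0.0.9 GET /exlogin.jsp?password=OtherSample2&user=bob%40example.org&alias=alias 302',
  '2019-08-13T15:05:00Z 10.0.0.9 GET /EXLOGIN.JSP?user=carol%40example.org&password=Sample3 404',
];

// The path is matched case-insensitively: a mistyped request fails to log in,
// but the password it carried is still written to the log.
const EXLOGIN_URL = /(\S*\/exlogin\.jsp)\?(\S+)/i;

function safeDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch (err) {
    return value; // malformed percent-encoding: keep the raw text
  }
}

// Returns the line with the password value masked, plus who was exposed.
function redactLine(line) {
  const m = EXLOGIN_URL.exec(line);
  if (!m) return { line, finding: null };
  const fields = {};
  let leaked = false;
  const safeQuery = m[2].split('&').map((pair) => {
    const eq = pair.indexOf('=');
    const name = (eq === -1 ? pair : pair.slice(0, eq)).toLowerCase();
    if (name === 'password') {
      leaked = true;
      return 'password=[REDACTED]';
    }
    fields[name] = safeDecode(eq === -1 ? '' : pair.slice(eq + 1));
    return pair;
  }).join('&');
  if (!leaked) return { line, finding: null };
  return {
    line: line.replace(m[0], () => `${m[1]}?${safeQuery}`),
    finding: { user: fields.user || null, alias: fields.alias || null },
  };
}

// Redacts every line and lists the accounts whose passwords need resetting.
function scanLog(lines) {
  const redacted = [];
  const exposedUsers = new Set();
  for (const raw of lines) {
    const { line, finding } = redactLine(raw);
    redacted.push(line);
    if (finding) exposedUsers.add(finding.user || '(unknown user)');
  }
  return { redacted, exposedUsers: [...exposedUsers] };
}

const report = scanLog(SAMPLE_LOG);
console.log(report.redacted.join('\n'));
console.log('Reset passwords for:', report.exposedUsers.join(', '));
```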
 
===Disable Session Timeout Alert===
This function will disable both a 30-second alert and a re-login prompt for a Session Timeout (if Session Timeout is set).
 
In order to set Session Timeout, scroll up to the heading '''Business Security'''. The last field box in that section will allow you to set ''x'' minutes of inactivity before the user's session will automatically initiate Session Timeout.
 
:: [[File:Session timeout setting.png|600px|border]]
===Disable Login Token Check===
By disabling this feature, you allow the same user to be logged in from multiple sessions. This is a function primarily used only for load-testing purposes. It is strongly recommended that this feature is ''not ''set when going live. 
 
==Invalid Login Audit==
In order to access a [[List View Overview|list]] of all invalid logins from your [[SmartSimple]] [[instance]], follow these steps: 
 
1. Click on the 9-square menu icon on the top right of your page.
 
:: {{Icon-Menu}} 
2. Under the heading '''Configuration, '''select '''Global Settings.'''
 
3. Click on the tab called '''Security.'''
 
4. Click on the hyperlink called '''Password and Activation Policies.'''
 
5. Click on the fourth tab labelled '''Invalid Login Audit.'''
 
The list of invalid logins will be displayed: 
 
:: [[File:Invalid login audit.png|950px|border]]
The fields for invalid logins include '''IP Address, User Name '''(denoted as an email address), and the '''Time '''of the invalid login.
 
Using the Search fields on the top right, you are also able to apply [[Filters]] by time period ('''Year '''and '''Month''') and/or by username.
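
The three audit fields are enough to separate one IP address trying many user names from repeated failures against a single account. The following is an added example, not SmartSimple code; it assumes the rows were copied out as CSV, and the sample rows, thresholds and function names are constructed.

```javascript
// Added example: triage rows from the Invalid Login Audit list.
// Assumption: rows were copied out as CSV with the list's three columns.
// All rows below are constructed (documentation IP ranges, example.org users).
const SAMPLE_AUDIT = `IP Address,User Name,Time
203.0.113.10,alice@example.org,2019-08-13 15:00:05
203.0.113.10,bob@example.org,2019-08-13 15:00:09
203.0.113.10,carol@example.org,2019-08-13 15:00:14
203.0.113.10,dave@example.org,2019-08-13 15:00:20
198.51.100.7,erin@example.org,2019-08-13 09:12:00
198.51.100.7,erin@example.org,2019-08-13 16:45:00
192.0.2.44,frank@example.org,2019-08-13 11:00:00
192.0.2.44,frank@example.org,2019-08-13 11:00:30
192.0.2.44,frank@example.org,2019-08-13 11:01:00
192.0.2.44,frank@example.org,2019-08-13 11:01:20
192.0.2.44,frank@example.org,2019-08-13 11:01:50`;

// Turns the CSV text into { ip, user, time } records (time in ms, read as UTC).
function parseAudit(csv) {
  return csv.trim().split('\n').slice(1).map((row) => {
    const [ip, user, time] = row.split(',').map((cell) => cell.trim());
    return { ip, user: user.toLowerCase(), time: Date.parse(time.replace(' ', 'T') + 'Z') };
  });
}

function groupBy(rows, keyOf) {
  const groups = new Map();
  for (const row of rows) {
    const key = keyOf(row);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(row);
  }
  return groups;
}

// Largest number of distinct keys seen inside any sliding time window.
function peakInWindow(events, windowMs, keyOf) {
  const sorted = [...events].sort((a, b) => a.time - b.time);
  let peak = 0;
  for (let i = 0; i < sorted.length; i++) {
    const seen = new Set();
    for (let j = i; j < sorted.length && sorted[j].time - sorted[i].time <= windowMs; j++) {
      seen.add(keyOf(sorted[j], j));
    }
    peak = Math.max(peak, seen.size);
  }
  return peak;
}

// spraying: one IP failing against many user names; bruteForce: many failures for one user.
function analyze(rows, opts = {}) {
  const { windowMinutes = 10, sprayUsers = 4, bruteAttempts = 5 } = opts;
  const windowMs = windowMinutes * 60 * 1000;
  const spraying = [];
  for (const [ip, events] of groupBy(rows, (r) => r.ip)) {
    const users = peakInWindow(events, windowMs, (e) => e.user);
    if (users >= sprayUsers) spraying.push({ ip, users });
  }
  const bruteForce = [];
  for (const [user, events] of groupBy(rows, (r) => r.user)) {
    const attempts = peakInWindow(events, windowMs, (e, i) => i);
    if (attempts >= bruteAttempts) bruteForce.push({ user, attempts });
  }
  return { spraying, bruteForce };
}

console.log(JSON.stringify(analyze(parseAudit(SAMPLE_AUDIT)), null, 2));
```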
=Settings Explained=
||You can enter your custom code into this text area or modify the existing content added by clicking the sample template link. Although you can enter your own code here we generally don’t recommend it. If you do add your own code here make sure your code meets accessibility guidelines and make sure it is responsive (works on all devices including mobile).
|}
 
=Configuration - Advanced=
 
==ReCAPTCHA Security==
Login pages will automatically enable Google reCAPTCHA functionality in order to ensure security standards. In order to modify or disable this setting, go to '''Global Settings > Security '''and scroll down to the bottom of the page. 
 
:: [[File:Recaptcha.png|800px|border]]
 
==Error Message==
In order to display an '''Error Message''' when an incorrect login username or password is provided, include the following variable in the Login Screen HTML: '''@errmsg@'''
 
The system will always save a list of all invalid logins. See how to access this list [[Login Page#Invalid Login Audit|here]].
 
==Popup Blocker Check==
The login page can be configured to check whether users have a pop-up blocker enabled; if they do, it suggests that they disable their pop-up blocker for the SmartSimple system.

The source code of the login page includes code for a pop-up blocker warning message, but by default this is disabled.
 
[[Image:PBWarning1.png|1200px|border]]
To enable the warning message, simply remove the text '''disabled="disabled" '''from the source code, then click '''Save '''at the bottom.
 
[[Image:PBWarning2.png|1100px|border]]
Any users that are using a browser with a pop-up blocker enabled will consequently see the following alert message on their screen when they access the login page: 
 
:: [[Image:PBWarning3.png|300px|border]]
==JavaScript==
The following [[JavaScript]] can be added to the login page for further customization. 
 
===Forgot Password===
: '''HTML: '''Forgot your password? Please click .
: '''JavaScript: '''
<pre>// Opens the password-request form in a small pop-up window.
function passwdwin() {
  window.open('/s_requestpassword.jsp', 'pwdwin',
    'left=200,top=200,toolbar=0,width=300,height=214,directories=no,status=no,' +
    'scrollbars=no,resizable=no,menubar=no,alwaysRaised=yes');
}</pre>
The system-generated email sent to the user after selecting the '''Forgot Password '''option can be configured from [[Email#Email Templates for User Activation and Password|Email Templates for User Activation and Password]]. 
 
===Branch-Specific Forgot Password===
This functionality can be used when a user exists in the system multiple times with the same email address, but against different branches (organizations). The configuration means that only the password for the user account ''under a specific branch ''will be updated.
 
: '''HTML: '''Forgot your password? Please click . 
* Where ''12345 ''is the [[Companyid]]. 
 
: '''JavaScript: '''
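<pre>// Opens the password-request form for one branch; branch is the companyid.
function passwdwin(branch) {
  // Encode the value so it cannot add extra query parameters to the URL.
  window.open('/s_requestpassword.jsp?branchid=' + encodeURIComponent(branch), 'pwdin',
    'left=200,top=200,toolbar=0,width=300,height=214,directories=no,' +
    'status=no,scrollbars=no,resizable=no,menubar=no,alwaysRaised=yes');
}</pre>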
 
A login page can be configured with multiple '''Forgot Password '''links, each including a different companyid as the parameter. Alternatively, you can create multiple login pages with a single link/companyid included on each page. 
 
When the user clicks on the '''Forgot Password''' link, enters their email address, and submits it, the underlying code will search for the entered email address in the company and all of its sub-organizations. It will then email the password for that branch-specific user account.
 
* The email sent can then be configured with [[Sslogic]] to tailor the content of the email to the specific branch.
* The error message displayed on this page when an invalid email is entered can be altered using the [[Language Library]].
 
=See Also=
Smartstaff, administrator
3,314
edits
