Changes

Within your system you will need to setup Privacy and Security Policies. You will set these polices up for several language and country combinations. Typically a privacy policy will say what type of information you collect, why it is collected, how it is collected , what you will use the information for, who will have access to the information, how users will be notified of changes to the policy and who to contact regarding privacy concerns. Learn more about [[Configuring_Privacy,_Confidentiality_and_Other_Policies|Configuring Privacy and Security Policies]] The login page will have a button called '''Privacy & Security Policies''' in the main panel below the email and password inputs. If you have chosen a date for Enforce User Acceptance the user will be brought directly to your policies upon login. ==Forgot Password== A forgot password link appears by default on the login page.  Users can enter an email and if a user with access has the email entered the system will email instructions to that user so they can change their password.  If you do not receive an email within a few minutes check your spam/junk mail folder.

Learn more about The forgot password email sent to users can be configured by doing the following: # Go to Menu icon > '''Global Settings''' > '''Security''' Tab > '''Password and Activation Policies''' link > '''Activation Email Templates''' tab > scroll down to '''Request Password''.# modify the content as desired.# press '''Save'''. =Configuration - Advanced===CAPTCHA on the Login==If you enter the wrong email and password into the login page twice you will see a CAPTCHA. CAPTCHA stands for “Completely Automated Public Turing Test to tell Computers and Humans Apart”. It is used in this case to verify that a person and not an automated program is attempting to login. [[File:captcha-login.jpg|thumb|none|500px|CAPTCHA displayed after wrong email and password combination entered]] You can toggle the CAPTCHA on or off for your entire system by going to Menu icon > Global Settings > Security tab > and choose either enabled or disabled. The inherit choice only affects signup pages and will not disable CAPTCHA on the login.Note you can also choose to bypass the use of CAPTCHA for users in countries that are unable to communicate with CAPTCHA servers because of government policy. This is done by selecting a country such as China in the bypass setting. [[File:Recaptcha.png|thumb|none|500px|Global CAPTCHA Settings]] ==Popup Blocker Check==The login page can be configured to check whether users have a pop-up blocker enabled. If the user does have a popup blocker enabled they will receive a warning with a suggestion that they disable their pop-up blocker.Typically we leave this check disabled and do not warn users that they are using a pop up blocker. [[File:popup-blocker.jpg|thumb|none|500px|text]] If you choose you can enable this check and warning message by doing the following. # Go to menu icon > '''Global Settings''' > '''Branding''' tab > '''Login Pages''' link > edit the desired login page.# Go to the '''Template''' tab.# Inside the '''Login Page Template''' text area search for '''disabled="disabled"'''# Remove the '''disabled="disabled"''' text.# Press '''Save'''. ==Alternate Login Pages==The '''Alternate '''tab from the Login Page list view is used to view and create multiple custom login pages for various groups of users within the same system. It uses virtual alias to mask their instance [[URL]].  When you click the '''+ '''icon at the top of the '''Alternate '''tab to create a '''New Alternate Login Page, '''you will be brought to the following form:  :: [[File:Alternate login pages.png|800px|border]]{| class="wikitable"|-||'''Login Page Name'''||Name of the virtual alias login page|-||'''Description'''||Description of the virtual alias login page|-||'''Scope Organization'''||Lookup that allows the virtual alias login page to be restricted to users in the selected organization|-||'''Virtual Folder Name'''||User adds a name such as "grants," and then you can direct different users to appropriate logins|-||'''Web Alias'''||User enters the alias they want - for example, "gms" - instead of the instance-defined alias|-||'''Persistent Cookies'''||Enable or disable persistent cookies. Rather than having to log into SmartSimple each time you open your web browser, a "cookie" can be installed on your computer that will automatically authenticate you, allowing you to bypass the login screen and having to re-enter your credentials. |-||'''Attach User Identifier'''|||-||'''Encrypt URL'''||Enable or disable the encryption of the URL|-||'''Redirect URL'''||Enter URL for users to be redirected to upon successful login|-||'''Primary Role'''||Select from the available system roles to choose the primary default role that a user will have when they log in from this alternate login page. This function is used to force the user to see the correct portal.|-||'''Login Type'''||Select from the drop-down for the three available options: All Users, Activated Users Only, No Access  |-||'''User Field'''||This is the field that will be used on the login page to uniquely identify the specific user when they log in. This is typically set to '''Email Address. '''|-||'''Password Field'''||This is the field on the login page that will be used to capture the user password when they login.|-||'''Login Error Message'''||This is the error message that will appear on the login page after a failed login attempt. |-||'''Login Page Content'''||'''Insert Sample Template - '''Click this hyperlink to autopopulate the text window with a sample template for a login page. Otherwise, you can insert in your own customized content. You can use the '''HTML Editor '''button at the bottom in order to open a pop-up that displays the content as it will be shown to the user from the HTML. |}==Login Security Features==Login security is related to the '''System Security '''section of your [[SmartSimple]] copy. In order to disable or enable certain security measures relating to the process of logging in and out of SmartSimple, follow these steps:  1. Click on the 9-square menu icon on the top right of your page. :: {{Icon-Menu}} 2. Under the heading '''Configuration, '''select '''[[Configuring_PrivacyGlobal Settings]].''' 3. Click on the tab called '''Security.''' 4. Scroll down until you see the subheading '''System Security. ''' Many system security features will be listed,_Confidentiality_and_Other_Policieswith a certain few pertaining to login and logout activity for users. These are outlined in red in the screenshot below, and each explained in greater detail in the subsections.  :: [[File:Login security.png|Configuring Privacy 700px|border]]For more information regarding aspects of system security not just related to logging in and out, please see our [[Security PoliciesSettings]] page. ===Enable Logout===Enabling this function will terminate the session and automatically log out the user when they navigate to a different website, close the browser, or click '''Logout. ''' ===Disable External Login Shortcut===This function will disable the use of external login shortcut from the URL. '''Because there are security implications to using the external login shortcut (see below), disabling the feature completely is a good preventative measure.''' =====What is the External Login Shortcut?=====This function allows you to ''bypass ''Login Page Scripting that you have added to the Login Page. However, this technique should only be used when it is completely necessary because there are numerous security implications:  * The URL being opened may be available to other users on the same machine on which you are browsing* The URL retrieved from the remote machine may be logged elsewhere (i.e. Proxy Server history, DNS server) * Your browser history may retain the URL, '''including your password''' The conditions for when you should use this technique include:  * When the '''Login Page Scripting '''is not functioning correctly* When you ''clone ''a copy of [[SmartSimple]] and the original copy contain a Login Script that prevents you from accessing the clone 

The login page will have <pre> Never create this technique as a button called Privacy & Security Policies in browser shortcut because the main panel below username and the email and password inputsare exposed.</pre> To employ this method of accessing your SmartSimple [[instance]], you use the following type of URL: 

If you have chosen : http://Alias.smartsimple.biz/exlogin.jsp?alias=alias&user=username&password=password* '''exlogin.jsp '''is case-sensitive ===Disable Session Timeout Alert===This function will disable both a 30-second alert and a date re-login prompt for Enforce User Acceptance a Session Timeout (if Session Timeout is set). In order to set Session Timeout, simply scroll up above to the heading '''Business Security. '''The last field box in that section will allow you to set ''x'' amount of minutes of inactivity before the user 's session will automatically initiate Session Timeout.  :: [[File:Session timeout setting.png|600px|border]]===Disable Login Token Check===By disabling this feature, you allow the same user to be brought directly logged in from multiple sessions. This is a function primarily used only for load-testing purposes. It is strongly recommended that this feature is ''not ''set when going live.  ==Invalid Login Audit==In order to access a [[List View Overview|list]] of all invalid logins from your policies upon [[SmartSimple]] [[instance]], follow these steps:  1. Click on the 9-square menu icon on the top right of your page. :: {{Icon-Menu}} 2. Under the heading '''Configuration, '''select '''Global Settings.''' 3. Click on the tab called '''Security.''' 4. Click on the hyperlink called '''Password and Activation Policies.''' 5. Click on the fourth tab labelled '''Invalid Login Audit.''' The list of invalid logins will be displayed:  :: [[File:Invalid loginaudit.png|950px|border]]The fields for invalid logins include '''IP Address, User Name '''(denoted as an email address), and the '''Time '''of the invalid login. Using the Search fields on the top right, you are also able to apply [[Filters]] by time period ('''Year '''and '''Month''') and/or by username.