Adxstudio Portals TrainingAuthentication Options
Authentication
Configurable and Easy
Different Authentication modes can be
mixed and matched. You don’t have to choose one or
the other
Services Provided Include:Local (username/password) user sign-in
External (social Provider) user sign-in
Two-Factor authentication with email or SMS
Configured with Site Settings – Full list available in documentation
ADFS or Custom Open ID/Oauth providers can also be implemented using ACS or Open Auth
Local Authentication
•Username and Password stored in the CRM
• Password is a hidden, encrypted field
• Simply Switch it on or off using the Site Setting:
Authentication/Registration/LocalLoginEnabled
Lost Password Reset
• If a user forgets their password, they can choose to have a password reset email sent to them
• Requires the site setting:Authentication/Registration/ResetPasswordEnabled
Changing a Password
• A user can change their password at any time. The username cannot be changed after it is set.
• If an administrator wants to reset the password in the CRM, run the “Change Password” dialog
Federated Authentication
• The user selects an identity provider such as:• Windows Live ID, Google, Facebook, etc.
• The user is authenticated by the identity provider• If successfully authenticated, the user is returned to the portal• A user recognized as a returning/registered user becomes an authenticated
user of the portal• The token returned by identity provider to identify the user is stored within
CRM, as an ‘External Identity’ record• Users can have any number of external identities enabled• Username stores the Identity Token• Also Stored is the Identity Provider itself
• To enable External Identity must set the following site setting to true:Authentication/Registration/ExternalLoginEnabled
Manage External Accounts• A single identity from each of the configured identity providers can
be connected
• Identity Providers are configured Individually with site settings
• Allows for OAuth2 Social Providers, and WS-Federation Providers including ADFS and Azure ACS
• Once connected, the user may choose to sign-in with any of the connected identities
• Existing identities can also be disconnected as long as a single external or local identity remains
Connecting External Accounts
• Choose from a list of enabled providers, and connect one or more to your user account
OAuth2 Providers
• The OAuth 2.0 based external identity providers involve registering an "application" with a 3rd party service to obtain a "client ID" and "client secret" pair
• The client ID and client secret are configured as portal site settings in order to establish a secure connection from relying party to identity provider
Providers Supported:• Microsoft Account• Twitter• Facebook• Google• LinkedIn• Yammer• Yahoo
WS-Federation Providers
• A single AD FS server can be added (or another WS-Federation compliant security token service, STS) as an identity provider
• In addition, a single Azure ACS namespace can be configured as a set of individual identity providers
• The Setup is involved, but well-documented on the Adxstudio Community Portal
Two-Factor Identification
•When enabled, increases security by requiring proof of ownership of a confirmed email or mobile phone
• The first time the user attempts to sign in on a device, they will be sent a security code to their email or mobile device, they will need to submit this to sign-in
• If the Portal is set to remember browser, this will only happen once per browser, per device
• Site Settings:Authentication/Registration/TwoFactorEnabled
Authentication/Registration/RememberBrowserEnabled
Top Related