Access management

Combined user roles

This setting can be marked if there is a need for one person to have many user roles at a time. Then the user role will have combined access rights from all the user roles that he has. 

Employee phone and email required

When this is marked those fields will be required in employee registration. 

Create service when given access to site

When this is marked then an employee is created as service partner on a site that he is given access to directly (in Site access step in Access management). 

When this setting is enabled (default enabled from 20.7 and later) then there will appear a Reset password link on the login page. By clicking that link you get an option to input your email to send a reset password link in email on. You can then choose how long this link is valid, the default is two hours. 

Here you can write the subject and body text for the email that is sent out when a user clicks the reset password link on login page and sends an email.  

These settings control how passwords sent for one-time use are to be created generally for this database.

OTP login enabled

If this setting is marked, it is possible to log in with on time password registration (OneTimePassword). This is done by entering the traditional URL of the website but adding an extra string at the back to go to this other page.

Example:

Traditional login = http://customer.mainmanager.is/login.aspx

Login with OTP = http://customer.mainmanager.is/loginOTP.aspx

If this setting is not marked, then it will not possible to use this new login on the relevant database and if you try to enter an URL with OTP ending, it will go directly to the standard login page.

Password length

Here it is defined how long the password should be, ie. how many letters / numbers / symbols.

Expiration time

Here you should register how many minutes it takes for a password to expire. Keep in mind that if a user loses a password, he/she will not be able to have a new one sent until after the expiration time. To send a new password, you need to enter something in the password field (even if it is incorrect) and then the login page changes so that you can request a new password.

Allowed characters

Here you register the characters that are valid in a OTP password. If the password should i.e. only consist of numbers then they are entered (0123456789). It is also possible to use letters or symbols and e.g. if both uppercase and lowercase letters are to be possible, you have to register them both. The system will then randomly arrange these symbols in a string sent by e-mail / SMS.

Username type

You can choose whether to use the username or email address when sending out password. As it is only possible for active users to log in using this method, the system will use the information from this user registration. When entering an OTP URL that supports this type of login, the user will then either enter a username or email address to receive a password.

Two factor authentication

If this setting is marked, the user needs to enter both their email address AND username to be able to request a password via email / SMS. This setting is available for making this login process even more secure than before.