Authentication

Overview

Mythradon provides a number of Authentication Settings that your system administrator can set to meet your business security needs.

  • Select Administration | Authentication from the Menu Button
  • Edit the fields as required
  • Click the Save button to commit the changes

Mythradon Authentication Settings

Authentication Settings

| Field | Description |
| --- | --- |
| CONFIGURATION | |
| Authentication Method | Sets the authentication behaviour to either Mythradon's built-in settings or an external LDAP (Lightweight Directory Access Protocol). |
| Auth Token Lifetime (hours) | Defines how long tokens can exist. 0 means no expiration. |
| Only one auth token per user | Users won't be able to be logged in on multiple devices simultaneously. |
| Auth Token Max Idle Time (hours) | Defines how long tokens can exist after their last access. 0 means no expiration. |
| 2-FACTOR AUTHENTICATION | |
| Enable 2-Factor Authentication | Enable/disable two-factor authentication. Note: Users will need an authenticator application, e.g., Google Authenticator. |
| Available 2FA methods | Available 2FA methods are: Email, SMS, TOTP (Time-based One-Time Password). |
| Force admin & regular users to set up 2FA | Enables/disables the enforcement of two-factor authentication for both Administrators and Regular Users. |
| PASSWORDS | |
| Length of generated passwords | Defines the length of system-generated passwords. |
| Minimum password length | Defines the minimum length of password that Users can create. |
| Number of letters required in password | Defines the number of letter characters required in a password. |
| Password must contain letters of both upper and lower case | Defines that a User-created password must contain a combination of both upper and lower case letters. |
| Number of digits required in password | Defines the number of numeric digits required in a password. |
| Disable password recovery | Disables the password reset functionality. |
| Disable password recovery for admin users | Disables the password reset functionality for system administrators. |
| Prevent email address exposure on password recovery form | It won't be possible to determine whether a specific email address is registered in the system. |
| Disable password recovery for internal users | Only portal users will be able to recover their password. |

Note: Disabling password recovery removes the 'Forgot Password' link on the login page. Refer to the following images.


Mythradon Password Recovery Enabled/Disabled
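
How the Auth Token Lifetime, Auth Token Max Idle Time and Only one auth token per user settings interact, as an added model that is not Mythradon's own code. The class and field names are hypothetical, and it assumes a token dies when either limit is exceeded and that each use resets only the idle clock.

```python
import secrets
from dataclasses import dataclass, field

HOUR = 3600

@dataclass
class AuthSettings:                      # hypothetical names for the settings above
    token_lifetime_hours: float = 0      # Auth Token Lifetime, 0 = no expiration
    token_max_idle_hours: float = 0      # Auth Token Max Idle Time, 0 = no expiration
    one_token_per_user: bool = False     # Only one auth token per user

@dataclass
class TokenStore:
    settings: AuthSettings
    tokens: dict = field(default_factory=dict)   # token -> [user, created, last_access]

    def issue(self, user, now):
        """Create a token at login time `now` (seconds)."""
        if self.settings.one_token_per_user:
            # A new login invalidates every earlier session of the same user.
            self.tokens = {t: r for t, r in self.tokens.items() if r[0] != user}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = [user, now, now]
        return token

    def check(self, token, now):
        """Return the user for a live token, else None (dead tokens are dropped)."""
        rec = self.tokens.get(token)
        if rec is None:
            return None
        user, created, last = rec
        s = self.settings
        too_old = s.token_lifetime_hours and now - created > s.token_lifetime_hours * HOUR
        too_idle = s.token_max_idle_hours and now - last > s.token_max_idle_hours * HOUR
        if too_old or too_idle:
            del self.tokens[token]
            return None
        rec[2] = now    # a successful use resets the idle clock, never the lifetime
        return user
```

With both values left at 0, a token in this model stays valid indefinitely unless a later login replaces it.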


Setting Up 2FA

Mythradon supports the following 2-factor authentication methods:

  • TOTP
  • Email
  • SMS

There are separate processes for setting up 2FA for Standard Users and Portal Users. The following instructions are specifically for Standard Users; Portal Users have their own 2FA setup instructions.

There are a few steps required to set up 2FA within Mythradon.

  1. Your System Administrator needs to Enable 2FA and the supported 2FA Methods within your instance of Mythradon
  2. Individual Users need to Enable 2FA and select their preferred 2FA Method within their profile
  3. Install an authenticator application (Only required if the TOTP 2FA method is selected by the user in their profile)

1. System Administrator 2FA Setup

2FA can only be enabled in your system by a System Administrator.

  • Select Administration | Authentication from the Menu Button
  • As per the following image:
    • Enable the Enable 2-Factor Authentication setting
    • Select the Available 2FA methods that you want your users to be able to use
    • Click the Save button to commit the changes

2FA Settings

2. User Preference 2FA Setup

Each user will need to perform the following:

  • Select Your User Name from the Menu Button
  • Click the Security button
  • Select Enable 2-Factor Authentication
  • Select the preferred 2FA Method
  • Click the Apply button

User Preference 2FA Settings


Note: The 2FA Methods that will be available for the user to select from are the 2FA Methods that have been enabled by the System Administrator in the Mythradon Administration | Authentication settings.


The user will then be required to re-enter their current password:

  • Click the Apply button
  • Copy the Secret value as shown below. You will need to create an entry in your 2FA Authenticator application using this secret value.

2FA QR Code
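
What an authenticator application does with the copied Secret value, and what a server-side check looks like, as an added example that is not Mythradon's code. It assumes the secret is base32 and uses the common RFC 6238 defaults (SHA-1, 30-second step, 6 digits); the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, digits=6, step=30, algo=hashlib.sha1):
    """RFC 6238 code for the given time from the base32 secret shown at enrolment."""
    # Secrets are often displayed in lower case or in groups; normalise and pad.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, algo).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, drift_steps=1, last_used_step=None, step=30):
    """Return the matched time step, or None if no code in the window matches.

    drift_steps tolerates clock skew between phone and server; last_used_step
    lets the caller refuse a code that was already accepted (replay).
    """
    current = int(unix_time) // step
    for s in range(max(0, current - drift_steps), current + drift_steps + 1):
        if last_used_step is not None and s <= last_used_step:
            continue
        if hmac.compare_digest(totp(secret_b32, s * step, step=step), submitted):
            return s
    return None

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

Anyone who holds the Secret value can produce valid codes, so it should be treated like a password once it has been entered into the authenticator application.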


Logging in as Another User

System Administrators can log in as a Regular user without requiring their password, which is a helpful feature for providing customer service. However, it's important to note that this feature does not allow a System Administrator to log in as another System Administrator.

By default, this feature is not enabled in customer accounts, but you can contact Mythradon Support to have it enabled if needed.

To use this feature (once enabled):

  • Select Administration | Users from the Menu Button
  • Filter and select the required User
  • Select Log In from the tool bar button at the top of the User Detail View

Log In As Another User Button

This will display the following dialog containing a link to the login as another user page.

Log In As Another User Dialog

As the message suggests, it is best practice to open the link in incognito mode. You can quickly achieve this on most browsers using the right mouse button menu as per the following image:

Log In As Another User Dialog In Incognito Mode

The user will then be presented with the Mythradon Login Page with "Log In as..." displayed. Use your System Administrator password to authenticate.


Note: If you have the setting Only one auth token per user set in Administration | Authentication and you use this feature to log in as another user, you will log the other user out of their current session.



OpenID Connect

Mythradon supports the ability to authenticate with identity providers that support OpenID Connect (OIDC).

Features:

  • Optional User creation.
  • With Mythradon's team mapping feature, teams can be synchronised with groups, teams, or roles in the identity provider
  • Mythradon allows for the synchronisation of user profiles and teams, which can be set to occur optionally upon each login
  • Mythradon offers the capability to select a specific claim that will serve as the username for authentication purposes
  • Both regular users and administrators have access to fallback login in Mythradon
  • OpenID Connect can be disabled for System Administrators
  • When a user logs out of Mythradon, a logout redirect is implemented to ensure that the identity provider session is cleared
  • Mythradon provides a backchannel logout feature that enables administrators to forcibly log out a user. Use the api/v1/backchannelLogout endpoint.
  • The following signing algorithms are supported by Mythradon: RS256, RS384, RS512, HS256, HS384, and HS512.

Details:

  • Portal Users are not supported.
  • Mythradon's 2FA might not be compatible with certain identity providers that don't allow the reuse of authorisation codes.
  • In certain scenarios, it may be necessary to increase the length of the userName field to up to 255 characters. By default, Mythradon has a limit of 50 characters for this field.
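
Why the signing algorithm is a configured setting rather than something read from the token, shown as an added example that is not Mythradon's implementation. It covers only the HS* half of the list above using the Python standard library; the function names, secret and claims are constructed, and `make_token` stands in for the identity provider.

```python
import base64
import hashlib
import hmac
import json

# HS* half of the algorithms listed above; RS* verification needs an RSA library.
HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_hs_token(token, client_secret, configured_alg):
    """Return the claims of an HMAC-signed token, or raise ValueError."""
    if configured_alg not in HMAC_DIGESTS:
        raise ValueError("configured_alg must be HS256, HS384 or HS512")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm to the configured one; the token must not choose it.
    # This rejects "none" and a token signed with a different family or strength.
    if not isinstance(header, dict) or header.get("alg") != configured_alg:
        raise ValueError("unexpected alg in token header")
    signing_input = (header_b64 + "." + payload_b64).encode()
    expected = hmac.new(client_secret, signing_input, HMAC_DIGESTS[configured_alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def make_token(claims, secret, alg):
    """Build a constructed sample token (stands in for the identity provider)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    if alg == "none":
        return header + "." + payload + "."
    sig = hmac.new(secret, (header + "." + payload).encode(), HMAC_DIGESTS[alg]).digest()
    return header + "." + payload + "." + b64url_encode(sig)
```

A complete ID token check also validates the issuer, audience, expiry and nonce claims after the signature passes.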
