Authentication
Overview
Mythradon provides a number of Authentication Settings that your system administrator can set to meet your business security needs.
- Select Administration | Authentication from the Menu Button
- Edit the fields as required
- Click the Save button to commit the changes
Authentication Settings
Field | Description |
---|---|
CONFIGURATION | |
Authentication Method | Sets the Authentication behaviour to Mythradon's built-in settings or to an external LDAP (Lightweight Directory Access Protocol). |
Auth Token Lifetime (hours) | Defines how long tokens can exist. 0 means no expiration. |
Only one auth token per user | Users won't be able to be logged in on multiple devices simultaneously. |
Auth Token Max Idle Time (hours) | Defines how long a token can exist after its last access. 0 means no expiration. |
2-FACTOR AUTHENTICATION | |
Enable 2-Factor Authentication | Enable/disable two-factor authentication. Note: Users will need an authenticator application, e.g., Google Authenticator. |
Available 2FA methods | Available 2FA methods are: TOTP, SMS. |
Force admin & regular users to set up 2FA | Enables/disables the enforcement of two-factor authentication for both Administrators and Regular Users. |
PASSWORDS | |
Length of generated passwords | Defines the length of system generated passwords. |
Minimum password length | Defines the minimum length of password that Users can create. |
Number of letters required in password | Defines the number of letter characters required in a password. |
Password must contain letters of both upper and lower case | Requires that a user-created password contain a combination of both upper and lower case letters. |
Number of digits required in password | Defines the number of numeric digits required in a password. |
Disable password recovery | Disables the password reset functionality. |
Disable password recovery for admin users | Disables the password reset functionality for system administrators. |
Prevent email address exposure on password recovery form | It won't be possible to determine whether a specific email address is registered in the system. |
Disable password recovery for internal users | Only portal users will be able to recover their password. |
Note: Disabling password recovery removes the 'Forgot Password' link on the login page. Refer to the following images.
Setting Up 2FA
Mythradon supports the following 2-factor authentication methods:
- TOTP
- SMS
There are separate processes for setting up 2FA for Standard Users and Portal Users. The following instructions are specifically for Standard Users. Click here for 2FA setup instructions for Portal Users.
There are a few steps required to set up 2FA within Mythradon.
- Your System Administrator needs to Enable 2FA and the supported 2FA Methods within your instance of Mythradon
- Individual Users need to Enable 2FA and select their preferred 2FA Method within their profile
- Install an authenticator application (Only required if the TOTP 2FA method is selected by the user in their profile)
1. System Administrator 2FA Setup
2FA can only be enabled in your system by a System Administrator.
- Select Administration | Authentication from the Menu Button, as per the following image:
- Enable the Enable 2-Factor Authentication setting
- Select the Available 2FA methods that you want your users to be able to use
- Click the Save button to commit the changes
2. User Preference 2FA Setup
Each user will need to perform the following:
- Select Your User Name from the Menu Button
- Click the Security button
- Select Enable 2-Factor Authentication
- Select the preferred 2FA Method
- Click the Apply button
Note: The 2FA Methods that will be available for the user to select from are the 2FA Methods that have been enabled by the System Administrator in the Mythradon Administration | Authentication settings.
The user will then be required to re-enter their current password.
- Click the Apply button
- Copy the Secret value as shown below. You will need to create an entry in your 2FA Authenticator application using this secret value.
Logging in as Another User
System Administrators can log in as a Regular user without requiring their password, which is a helpful feature for providing customer service. However, it's important to note that this feature does not allow a System Administrator to log in as another System Administrator.
By default, this feature is not enabled in customer accounts, but you can contact Mythradon Support to have it enabled if needed.
To use this feature (once enabled):
- Select Administration | Users from the Menu Button
- Filter and select the required User
- Select Log In from the tool bar button at the top of the User Detail View
This will display the following dialog containing a link to the login as another user page.
As the message suggests, it is best practice to open the link in incognito mode. You can quickly achieve this on most browsers using the right mouse button menu as per the following image:
The user will then be presented with the Mythradon Login Page with the Log In as... displayed. Use your System Administrator password to authenticate.
Note: If you have the setting Only one auth token per user set in Administration | Authentication and you use this new feature to log in as another user, you will log the other user out of their current session.
OpenID Connect
Mythradon supports the ability to authenticate with identity providers that support OpenID Connect (OIDC).
Features:
- Optional User creation.
- With Mythradon's team mapping feature, teams can be synchronised with groups, teams, or roles in the identity provider
- Mythradon allows for the synchronisation of user profiles and teams, which can be set to occur optionally upon each login
- Mythradon offers the capability to select a specific claim that will serve as the username for authentication purposes
- Both regular users and administrators have access to fallback login in Mythradon
- OpenID Connect can be disabled for System Administrators
- When a user logs out of Mythradon, a logout redirect is implemented to ensure that the identity provider session is cleared
- Mythradon provides a backchannel logout feature that enables administrators to forcibly log out a user. Use the api/v1/backchannelLogout endpoint.
- The following signing algorithms are supported by Mythradon: RS256, RS384, RS512, HS256, HS384, and HS512.
Details:
- Portal Users are not supported.
- Mythradon's 2FA might not be compatible with certain identity providers that don't allow the reuse of authorisation codes.
- In certain scenarios, it may be necessary to increase the length of the userName field to up to 255 characters. By default, Mythradon has a limit of 50 characters for this field.
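Before pointing Mythradon at an identity provider, the features listed above can be checked against the provider's OpenID Connect discovery document. The following is an added example, not part of Mythradon: it compares the standard discovery metadata fields with the signing algorithms, logout redirect, backchannel logout and username claim described on this page. It assumes the backchannel logout endpoint follows the OIDC Back-Channel Logout specification; the function name and both sample documents are constructed.

```python
# Signing algorithms the page lists as supported by Mythradon.
SUPPORTED_ALGS = {"RS256", "RS384", "RS512", "HS256", "HS384", "HS512"}


def preflight(discovery, username_claim):
    """Compare an IdP discovery document with the features listed above.

    Returns (usable_algs, findings); an empty findings list means no gaps.
    """
    findings = []
    offered = discovery.get("id_token_signing_alg_values_supported", [])
    usable = sorted(SUPPORTED_ALGS.intersection(offered))
    if not usable:
        findings.append("no ID token signing algorithm in common")
    elif all(alg.startswith("HS") for alg in usable):
        # HMAC tokens are keyed with a secret that both sides hold.
        findings.append("only HMAC algorithms in common")
    if "none" in offered:
        findings.append("IdP advertises unsigned ID tokens (alg none)")
    if not discovery.get("end_session_endpoint"):
        findings.append("no end_session_endpoint for the logout redirect")
    if not discovery.get("backchannel_logout_supported", False):
        findings.append("back-channel logout not advertised")
    claims = discovery.get("claims_supported")
    if claims is not None and username_claim not in claims:
        findings.append(f"claim {username_claim!r} not in claims_supported")
    return usable, findings


# Constructed sample discovery documents, not from a real identity provider.
GOOD_IDP = {
    "issuer": "https://idp.example.test",
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
    "end_session_endpoint": "https://idp.example.test/logout",
    "backchannel_logout_supported": True,
    "claims_supported": ["sub", "email", "preferred_username", "groups"],
}
WEAK_IDP = {
    "issuer": "https://idp2.example.test",
    "id_token_signing_alg_values_supported": ["ES256", "none"],
    "claims_supported": ["sub", "email"],
}

if __name__ == "__main__":
    for name, doc in (("good", GOOD_IDP), ("weak", WEAK_IDP)):
        algs, problems = preflight(doc, "preferred_username")
        print(name, algs or "-", *problems, sep="\n  ")
```
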
See also
- Mythradon Basics
- Mythradon Marketing
- Mythradon Sales
- Mythradon Service
- Mythradon System Administration
- Mythradon Tools