Adxstudio Portals Training Authentication Options.


Authentication

Configurable and Easy

Different authentication modes can be mixed and matched. You don’t have to choose one or the other.

Services Provided Include:

• Local (username/password) user sign-in

• External (social provider) user sign-in

• Two-Factor authentication with email or SMS

Configured with Site Settings – Full list available in documentation

ADFS or custom OpenID/OAuth providers can also be implemented using ACS or Open Auth


Local Authentication

• Username and Password stored in the CRM

• Password is a hidden, encrypted field

• Simply switch it on or off using the Site Setting: Authentication/Registration/LocalLoginEnabled


Lost Password Reset

• If a user forgets their password, they can choose to have a password reset email sent to them

• Requires the site setting: Authentication/Registration/ResetPasswordEnabled


Changing a Password

• A user can change their password at any time. The username cannot be changed after it is set.

• If an administrator wants to reset the password in the CRM, run the “Change Password” dialog


Federated Authentication

• The user selects an identity provider such as Windows Live ID, Google, Facebook, etc.

• The user is authenticated by the identity provider

• If successfully authenticated, the user is returned to the portal

• A user recognized as a returning/registered user becomes an authenticated user of the portal

• The token returned by the identity provider to identify the user is stored within CRM, as an ‘External Identity’ record

• Users can have any number of external identities enabled

• Username stores the Identity Token

• Also stored is the Identity Provider itself

• To enable External Identity, the following site setting must be set to true: Authentication/Registration/ExternalLoginEnabled


Manage External Accounts

• A single identity from each of the configured identity providers can be connected

• Identity Providers are configured individually with site settings

• Allows for OAuth2 Social Providers, and WS-Federation Providers including ADFS and Azure ACS

• Once connected, the user may choose to sign in with any of the connected identities

• Existing identities can also be disconnected as long as a single external or local identity remains


Connecting External Accounts

• Choose from a list of enabled providers, and connect one or more to your user account


OAuth2 Providers

• The OAuth 2.0 based external identity providers involve registering an "application" with a 3rd party service to obtain a "client ID" and "client secret" pair

• The client ID and client secret are configured as portal site settings in order to establish a secure connection from relying party to identity provider

Providers Supported:

• Microsoft Account

• Twitter

• Facebook

• Google

• LinkedIn

• Yammer

• Yahoo


WS-Federation Providers

• A single AD FS server can be added (or another WS-Federation compliant security token service, STS) as an identity provider

• In addition, a single Azure ACS namespace can be configured as a set of individual identity providers

• The setup is involved, but well-documented on the Adxstudio Community Portal


Two-Factor Identification

• When enabled, increases security by requiring proof of ownership of a confirmed email or mobile phone

• The first time the user attempts to sign in on a device, a security code is sent to their email or mobile device, and they must submit it to sign in

• If the Portal is set to remember browser, this will only happen once per browser, per device

• Site Settings:

Authentication/Registration/TwoFactorEnabled

Authentication/Registration/RememberBrowserEnabled
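
An added example, not part of the original deck and not Adxstudio's own tooling: a Python check that reads an export of the five site settings named on these slides and reports how the sign-in modes are combined, including a misspelled setting name that would otherwise go unnoticed. The "name = value" export layout, the sample data and the review rules are assumptions made for illustration.

```python
# Setting names come from the slides; the export layout and the review
# rules below are assumptions made for this example.
PREFIX = "Authentication/Registration/"
KNOWN = ("LocalLoginEnabled", "ResetPasswordEnabled", "ExternalLoginEnabled",
         "TwoFactorEnabled", "RememberBrowserEnabled")

# Constructed sample export, one "name = value" line per site setting.
# The last line misspells TwoFactorEnabled on purpose.
SAMPLE_EXPORT = """\
Authentication/Registration/LocalLoginEnabled = true
Authentication/Registration/ResetPasswordEnabled = True
Authentication/Registration/ExternalLoginEnabled = false
Authentication/Registration/RememberBrowserEnabled = true
Authentication/Registration/TwoFactorEnable = true
"""

def parse_settings(text):
    """Return ({short_name: True/False/None}, [unrecognised full names])."""
    values = {name: None for name in KNOWN}  # None = absent from the export
    unknown = []
    for line in text.splitlines():
        name, sep, raw = (part.strip() for part in line.partition("="))
        if not sep or not name.startswith(PREFIX):
            continue
        short = name[len(PREFIX):]
        if short in values:
            values[short] = raw.lower() == "true"
        else:
            unknown.append(name)
    return values, unknown

def review(values, unknown):
    """Apply the assumed review rules and return findings as strings."""
    findings = [f"{PREFIX}{n} is not set in the export"
                for n in KNOWN if values[n] is None]
    two_factor = values["TwoFactorEnabled"] is True
    if values["LocalLoginEnabled"] and not two_factor:
        findings.append("local sign-in is on, two-factor is not explicitly on")
    if values["RememberBrowserEnabled"] and not two_factor:
        findings.append("remember-browser is on, two-factor is not explicitly on")
    findings += [f"unrecognised setting name: {n}" for n in unknown]
    return findings

if __name__ == "__main__":
    for finding in review(*parse_settings(SAMPLE_EXPORT)):
        print("-", finding)
```

A setting absent from the export is reported rather than treated as false, because the portal's default for an unset value is not stated on these slides.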
