DetectID in the Cloud for SugarCRM User Guide Software version: 1.0.0 Document version: 1.0 November 2011


DetectID in the Cloud for SugarCRM

User Guide

Software version: 1.0.0

Document version: 1.0

November 2011

http://www.easysol.net | [email protected]

Here you will find all the documentation related to the modules in DetectID in the Cloud for SugarCRM that will help you understand it and use it. Please read all the documentation before starting to use it. Should you have more questions or doubts, please contact us at [email protected] and we will get in touch with you.

This section will help you find all the information about different procedures that may be required to use this module.

1. Introduction
2. Installation
3. Activation of the Module
4. The Login Process
5. Recovering Forgotten Password and User Wizard
6. Steps to disable and enable DetectID in the Cloud for SugarCRM module
7. Uninstalling and Deleting the Module
8. Frequently Asked Question

DetectID Users

This module will help you administer the users from SugarCRM that have enrolled machines. You may also activate, deactivate or delete machines previously registered.

DetectID Configuration

This module is the core operation of DetectID in the Cloud for SugarCRM, since here you will set the users with permission to enroll machines, configure the email server for OTP validation and several more options.

Introduction

What is DetectID?

The DetectID in the Cloud for SugarCRM module is a product that adds security to the way users log in to a SugarCRM instance by using DetectID in the Cloud technology. DetectID in the Cloud is an authentication solution that implements an integration scheme that uses second factor authentication mechanisms.

The second factor mechanism consists of the presentation of another type of additional evidence that helps demonstrate that a person is actually who he or she claims to be. That is to say, the second authentication factor allows adding another validation process to the ones initially required to improve information security and protection. An example of this could be the entrance to some office buildings, where the employee first has to show the authorization ID and put the index finger on a biometric system for his or her identification and entrance. Another case would be ATMs, where in order to withdraw money the person must use a debit card and enter a PIN (Personal Identification Number), so the transaction is successful.

Second authentication factors are mainly based on the following three elements:

1. Something you have: credit cards, physical tokens, or IDs.

2. Something you know: password or PIN.

3. Something you are: the person's identity is evaluated through a fingerprint, iris recognition or face recognition.

What does the DetectID in the Cloud for SugarCRM Module do?

The second authentication factor used by DetectID in the Cloud for SugarCRM is based on device recognition (something that you have). This mechanism allows enrolling the machine the user is using to log in to SugarCRM and permits access to previously enrolled machines.

The usual authentication phase in SugarCRM is based on User ID credentials verification. When the DetectID in the Cloud for SugarCRM module is installed, a security layer is added between the user login process and entrance. The following graphic allows a better understanding of the objective of the module:

Usual entrance to SugarCRM process:

Entrance to SugarCRM process after installing DetectID in the Cloud for SugarCRM module:

These are the general steps to allow user entrance once the module has been installed:

1. On the first Login screen, the existence of the username in SugarCRM is verified.

2. Once user existence in SugarCRM has been successfully verified, the second login screen is shown. In this section, the DetectID in the Cloud client component (Java Applet) is launched with the purpose of obtaining the machine ID. This applet has been digitally signed, so a message asking for permission to execute it will be shown. This message must be accepted to execute the applet, so the user is able to enter SugarCRM. If the applet execution is not successful, the user will not be able to access. (For more information on Login, see The Login Process.) Once the user has written the password and clicked on the Login button on the form, it is verified whether the password is correct. That is to say, it is verified if it is related to the username entered in the previous step. It is important to highlight that the module is not in charge of creating the session, since this is what SugarCRM does. The module only verifies credentials to check if the user exists.

3. When password verification is successful, the machine used by the user to access SugarCRM is validated. If the user does not have an enrolled machine, the module will provide the possibility of enrolling it. During the machine enrollment process, the user will be asked to enter a description and, if the option “Enroll the machine through OTP” has been activated by the administrator, the key sent to the user's email must be entered. Once the description (and the OTP, if that option was activated) is complete and the user clicks on the Enroll button, the data will be sent to the server. If the process is not successful, the user will not be allowed to the authentication stage (session creation), but he or she will be automatically redirected to the first Login screen. On the contrary, if the machine validation process is successful, step four will be started. If the user is accessing with an already enrolled machine, it is validated. If this process is not successful, the user will be redirected to the first login screen; if it is successful, the next step continues.

4. The credentials that were previously evaluated by the module are now sent to the SugarCRM authentication layer to generate the session and all the information relevant to allow application access.

Key Concepts

DetectID in the Cloud: the server that the DetectID in the Cloud for SugarCRM module communicates with for validation and machine enrollment processes.

OTP: One Time Password. It is a type of second factor authentication which uses a temporary password that cannot be used a second time for authentication. If this option was activated in the DetectID Configuration when the machine was enrolled, the OTP will be sent to the user's email in order to continue with the enrollment process.

DetectID in the Cloud Client Component: Java applet that identifies the machine the user is using to try to enter SugarCRM, in order to validate machine enrollment processes.

Synchronization Options

Enrollment or user validation operations are performed through the web services exposed by the DetectID server (it is important to remember that DetectID is the technology used by the DetectID in the Cloud for SugarCRM module. Therefore, when talking about DetectID we are referring to the server). When a user enrolls a machine, this information is sent to the DetectID database and the SugarCRM database.

Since there are two databases holding the same information, either of them could have information the other does not. For this reason, the option “Synchronize DetectID Users” was created to bring from the DetectID server all data from users who have enrolled machines. This option also rewrites it in the SugarCRM database, so the information is always updated.

This operation is not mandatory and it only has to be performed when local data from users with enrolled machines and their properties in SugarCRM need to be reset, in order to obtain the information in the DetectID server. Response time in this operation is strictly related to the number of users with enrolled machines.

In the detailed view in the section DetectID Users you will also find the option “Synchronize User”, which allows bringing enrolled machines information for the current user from the DetectID server to write it in the SugarCRM database.

In the synchronization process, the option of eliminating users that are no longer in SugarCRM but were listed in the DetectID in the Cloud for SugarCRM module is also executed (from the DetectID in the Cloud server side).

Installation

IMPORTANT:

If the DetectID in the Cloud for SugarCRM module is already installed, do not attempt a new installation by overwriting the old version. First uninstall the DetectID in the Cloud for SugarCRM module and then install the new version. For the steps on how to uninstall the DetectID in the Cloud for SugarCRM module, see Uninstalling and Deleting the Module.

Requirements

The following requirements are necessary for the successful installation of the DetectID in the Cloud for SugarCRM module in the SugarCRM instance:

1. Have installed SugarCRM 6 or a later version.

2. The relational database management system used in SugarCRM should be MySQL. The version of MySQL is the one supported by the version of SugarCRM installed.

Starting

1. Login to SugarCRM:

2. Once you are in, click on the Admin link located in the upper right corner of the screen, as shown in the next image:

3. After the page is loaded, go to the Developer Tools section, near the end of the page. Inside this section click on the Module Loader link:

4. In the Module Loader you'll find a button called Browse that is used to load the module that is going to be integrated with SugarCRM:

5. Once you have clicked on the Browse button, a file dialog will be opened. Browse to the location of the module, click on it and press the Open button:

6. After the file has been selected, click on the Upload button:

7. The module will now be in the list below the Upload button with details such as version, date published, type, description, etc. In order to install it, click on the Install button:

8. The first step of the installation is to read and accept the License Agreement of the module. After reading it, click on Accept and after that click on the Commit button:

9. The installation process will start and a progress bar is displayed. Optionally, you can click on the Display Log link to see more details about the installation process. Now click on the Back to Module Loader button:

10. Now the module is located in the list of installed extensions of the SugarCRM system:

Activation of the Module

After you have installed the DetectID in the Cloud for SugarCRM module, it's necessary to activate the license key in order to access the module services.

To activate the license follow these steps:

1. Click on the Admin link located in the upper right corner of the screen, as shown in the next image:

2. After the page is loaded, go to the DetectID in the Cloud for SugarCRM section at the end of the page and click on the option DetectID Configuration:

3. The DetectID Configuration form will appear with all the fields disabled because the license key has not been activated. Click on the Enter License Key button:

4. A new text field will appear. Enter the license you were given and click on the Activate button:

5. If the license is correct, a message will show that it is valid (like the image below). You should now activate the next options:

- Allow machine enrollment
- Activate machines after enrollment

This initial configuration will allow the users to enroll their machines and, since the machines will be activated (due to the second option), they can enter SugarCRM.

Finally, click on the Save button to keep this configuration:

Updating the Current License:

If the license has expired or you want to change from a Demo license to an Enterprise license, click on Update License Key and a text field will appear again. Enter the new license and click on the Activate button. (A popup message will show a warning asking if you want to change the current license; click OK to continue.)

The Login Process

Once you have installed the DetectID in the Cloud for SugarCRM module, the users from SugarCRM can start enrolling their machines.

One important change you will find is that the login process has been divided in two sections, one for the username and the other for the password.

The username screen will be the following:

Here you have to enter a valid username and click on the Continue button.

Then, the password screen will be loaded:

Wait until the applet has loaded. The applet window will look like the next image: (If you have already trusted the certificate of the applet, the dialog on the next image won't appear, since the applet will run automatically, and you can continue to enter a valid password)

Click on the Run button (if the checkbox 'Always trust content from this publisher' is checked and you click on the Run button, the next time you log in the dialog box of the applet won't appear, since the applet will run automatically). Then, click on the password screen to enter a valid password and click on the Log In button.

If the username and password are valid and you are using an already enrolled machine, you will be redirected to SugarCRM where you can start working. If this is the first time you log in and you haven't enrolled the machine you're using, after the password page you will be redirected to the following screen:

Here you will be asked if you want to enroll the current machine you are using. If you click No, you will be taken to the username page.

The screens displayed next depend on whether the options Use OTP (One Time Password) for enrollment of machines and Activate machines after enrollment in the DetectID Configuration are on or off.

1. If Use OTP (One Time Password) for enrollment of machines is ON:

After you have clicked Yes on the screen with the question "Do you want to enroll this machine?" the following page will be shown:

The image above is an example where "Jim" is the user, but once the user gets to this stage his/her data will show here. Once you have clicked on the OK button:

The description field is the text you assign to the machine you are using to differentiate it from other machines. If you enter a duplicated description, an error message will be shown, allowing you to enter a new description.

In the One Time Password field you should enter the OTP you received in the email. Remember that the number of tries you have depends on the option Maximum number of retries in the configuration of DetectID. If you exceed this number, you will be taken to the username page with an error message. If this happens you can restart the enrollment process and a new OTP will be sent to your user's email.

If you click on the Cancel button, you will be taken to the username page.

1.1. If the option Activate machines after enrollment is ON and you click on the Enroll button, the machine will be enrolled.

After this process the next screen will be shown:

The machine has been successfully enrolled. Click on the OK button to continue to SugarCRM.

1.2. If the option Activate machines after enrollment is OFF and you click on the Enroll button, the machine will be enrolled, but will be deactivated.

After this process, the next screen will be shown:

When you click on the OK button, you will be sent to the username page.

2. If Use OTP (One Time Password) for enrollment of machines is OFF:

After you have clicked Yes on the screen with the question "Do you want to enroll this machine?" the next page will be shown:

The description field is the text the user assigns to the machine he/she is using to differentiate it from other machines. If you enter a duplicated description, an error message will be shown allowing you to enter a new description.

If you click on the Cancel button, you will be taken to the username page.

2.1. If the option Activate machines after enrollment is ON and you click on the Enroll button, the machine will be enrolled. After this process, the next screen will be shown:

The machine has been successfully enrolled. Click on the OK button to continue to SugarCRM.

2.2. If the option Activate machines after enrollment is OFF and you click on the Enroll button, the machine will be enrolled, but it will be deactivated.

After this process, the next screen will be shown:

When you click on the OK button, you will be sent to the username page.
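The decision flow of this section as a small model, added here as an illustration and not code from the module: it walks the DetectID Configuration switches and reports which combinations let a correct password alone bring a new machine into SugarCRM. The function names, the machine states and the handling of disabled enrollment and of deactivated machines are assumptions; the user id 1 exception comes from the FAQ.

```python
from dataclasses import dataclass
from itertools import product

USERNAME_PAGE = "username page"
SUGARCRM = "SugarCRM"


@dataclass(frozen=True)
class DetectIDConfig:
    """The three switches named in the guide's DetectID Configuration screen."""
    allow_enrollment: bool           # "Allow machine enrollment"
    use_otp: bool                    # "Use OTP (One Time Password) for enrollment of machines"
    activate_after_enrollment: bool  # "Activate machines after enrollment"


def login_outcome(cfg, machine, user_id=2, reads_user_mailbox=True, enrolls=True):
    """Destination after a correct username and password.

    machine            -- "active", "deactivated" or "unenrolled" (labels are ours)
    reads_user_mailbox -- whether the person at the keyboard can read the e-mailed OTP
    enrolls            -- whether they answer Yes and press Enroll
    """
    if user_id == 1:
        # FAQ: the main administrator enters without the second factor.
        return SUGARCRM
    if machine == "active":
        # Enrolled machine validates; credentials go on to SugarCRM.
        return SUGARCRM
    if machine == "deactivated":
        # Assumption: a deactivated machine fails validation.
        return USERNAME_PAGE
    # From here on the machine is not enrolled.
    if not cfg.allow_enrollment:
        # Assumption: the guide does not show this case.
        return USERNAME_PAGE
    if not enrolls:
        # "No" on the question screen, or Cancel on the form.
        return USERNAME_PAGE
    if cfg.use_otp and not reads_user_mailbox:
        # Without the e-mailed OTP the retries run out.
        return USERNAME_PAGE
    if not cfg.activate_after_enrollment:
        # Cases 1.2 and 2.2: enrolled, but deactivated.
        return USERNAME_PAGE
    return SUGARCRM


def password_only_configs():
    """Configurations in which the password alone admits a new machine."""
    weak = []
    for flags in product([False, True], repeat=3):
        cfg = DetectIDConfig(*flags)
        outcome = login_outcome(cfg, "unenrolled", reads_user_mailbox=False)
        if outcome == SUGARCRM:
            weak.append(cfg)
    return weak


if __name__ == "__main__":
    for cfg in password_only_configs():
        print("password alone is enough with:", cfg)
```

With OTP off and automatic activation on, enrolling a machine requires nothing beyond the password, so the device check is no barrier for a new machine. Turning the OTP option on, or leaving activation to an administrator in DetectID Users, removes that path.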


Recovering Forgotten Password and User Wizard

There are two main ways of recovering a forgotten password:

1. In the Login:

Once you have passed the username page and you are in the password page, you'll notice that there is a link below the Log In button called Forgot Password? If you click on it, you will be shown the next image:

In the field User Name type your username. In the field Email Address type the primary email of your user. Click on the Submit button and the information to recover your password will be sent to the email specified in the previous field.

If you check your email you will get a URL that will let you reset the password. Once you've entered this URL, the following image will be shown:

Type your username and fill the rest of the form with the new password you want for your user. Click on the Log In button and you will be redirected to the Username page.

2. DetailView of the Users Module

If you are an administrator and you are in the Users module you will see the list of all the users of SugarCRM. If you click on any of them, you will end up in the DetailView of the user you have selected. At the top left corner of this view, you will see the button Reset Password. If you click on it, a message will be displayed telling you: "An email was sent to the user containing a system-generated password". The selected user will receive in his/her email a temporary password that can be used to enter and change the password for a new one.

User Wizard

Every time a new user enters SugarCRM for the very first time, once he/she has passed the login area, a wizard will be displayed asking for some information about the user.

This wizard behaves in a slightly different way from the default wizard once you have installed DetectID in the Cloud for SugarCRM. The only difference is that once the wizard has finished, the user won't go directly into SugarCRM, but instead will be redirected to the Login page again.

Steps to disable and enable DetectID in the Cloud for SugarCRM module

1. Click on the word Admin in the upper right corner of the screen:

2. Once the page is loaded, go to the Developer Tools section. In this section, click on the option Module Loader:

3. The DetectID in the Cloud for SugarCRM module will be in the extensions list. Click on the Disable button:

4. Choose the option Accept and then click on the Commit button:

5. A progress bar will be displayed while the module is disabled. When it reaches 100%, click on the Back to Module Loader button:

6. In the extensions list you will find the disabled module.

The steps to enable the module are exactly the same, except for step 3, where the button to click on is the Enable button. In step 6, the module will be enabled.

Uninstalling and Deleting the Module

IMPORTANT:

Before you proceed with the uninstallation of the module, read the entry of the FAQ where it explains an important issue in this process.

In order to uninstall the module from SugarCRM, please follow these steps:

1. Click on the Admin link located in the upper right corner of the screen, as shown in the next image:

2. After the page is loaded, go to the Developer Tools section, near the bottom of the page. Inside this section, click on the Module Loader link:

3. The DetectID in the Cloud for SugarCRM module will be in the list of installed extensions. Click on the Uninstall button:

4. Next click on the Commit button:

5. At the end of the process, the progress bar should be at 100%. Now click on the button Back to Module Loader:

6. Even though the process of uninstalling the module is finished, it remains listed below the Upload button, since it's possible to reinstall it at any point by just pressing the Install button and following the instructions.

If you want to completely remove the module from SugarCRM, click on Delete Package:

7. A message will appear asking for confirmation; click on the OK button to proceed:

8. After this, you will notice that the module is not listed anymore:

Frequently Asked Question

1. When I disable the module in the Module Loader, why do the login screens remain divided?

The login screens are divided so that the risk of success of brute-force attacks, dictionary attacks or any combination of both is reduced.

When you disable the module, it only affects the elements inside SugarCRM (once you are logged in). Therefore, the login screens won't change. If the module is disabled through the Module Loader, the login process used will be the default one from SugarCRM; but if the module is enabled through the Module Loader, the second factor for authentication from DetectID in the Cloud for SugarCRM will be used in the login process.

If at some point you uninstall the module, the login screen will return to its normal state (it will be just one screen).

2. If I remove or delete the module, will all the users and their enrolled machines information be lost?

No. All data regarding DetectID Users and their enrolled machines will be kept in the DetectID in the Cloud for SugarCRM server. The local database used by the module has two main purposes: to work as a cache system for the Model View Controller of SugarCRM and to keep the information of the DetectID Configuration module saved, so every time you or another user logs in, the configuration can be remembered.

When you delete the module and the local tables are deleted, the only information lost will be the settings in the DetectID Configuration module.

3. I migrated my SugarCRM instance to another server. How can I export and import all the information from the previous DetectID in the Cloud for SugarCRM module to the new one?

Actually, there isn’t any action or option to import data from the module (although you can export the list of users from the DetectID Users module, this option was intended only for reporting purposes), because all the information is saved in the DetectID in the Cloud for SugarCRM server. All you have to do to bring all the information to the new instance of SugarCRM is to enter the License Key from the previous instance (after installing the module) and all data will be retrieved.

If you have a new user in this instance of SugarCRM (compared to the previous one), when this user logs in (assuming that the enroll options from the module are on) the enrollment process will start.

The only information you'll have to re-enter is the settings in the DetectID Configuration module.

4. Why is the applet not executed when I use the main administrator of SugarCRM to log in?

The main administrator, or the user with id = 1, is the only user that can enter SugarCRM without the use of the second factor for authentication (even when the module is on). It was designed this way in case something goes wrong with the service or the enrollment process, so this administrator can enter SugarCRM, fix the problem and restore the normal function of the module.

5. What does the message 'An unexpected error has occurred. Please contact the administrator for further information' mean?

This message means that a problem with the server or the module has been found. To better understand the error, check the log of your SugarCRM instance; all the entries that contain DETID are produced by the module. The structure of the module's log is:

[Date][Log level] DETID - [Name of the File or Location of the File] - [Name of the Function where the problem was detected][Description of the error]

An example would be:

18/2/2011 9:11:11 AM [2744][1][FATAL] DETID - detid_config - checkKey. The current License Key is NOT valid
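A small parser for the log layout above, useful for pulling the module's entries out of a busy SugarCRM log and counting them by level, file and function. It is an added example, not part of the module; the regular expression follows the guide's example line, and the day/month/year date order and the sample lines after the first are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Layout taken from the guide's example line; the numeric bracketed fields
# that precede the level are kept as opaque values.
DETID_RE = re.compile(
    r"^(?P<date>.+?)\s+(?P<ids>(?:\[\d+\])*)\[(?P<level>[A-Z]+)\]\s+"
    r"DETID\s+-\s+(?P<file>\S+)\s+-\s+(?P<function>\w+)\.?\s*(?P<description>.*)$"
)

def parse_detid_line(line):
    """Return the fields of a DETID log entry, or None for any other line."""
    m = DETID_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["ids"] = re.findall(r"\d+", entry["ids"])
    try:
        # Assumption: day/month/year with a 12-hour clock, as in the example.
        entry["when"] = datetime.strptime(entry["date"], "%d/%m/%Y %I:%M:%S %p")
    except ValueError:
        entry["when"] = None  # the raw text stays available in entry["date"]
    return entry

def summarize(lines):
    """Count DETID entries by (level, file, function)."""
    counts = Counter()
    for line in lines:
        entry = parse_detid_line(line)
        if entry:
            counts[(entry["level"], entry["file"], entry["function"])] += 1
    return counts

# Constructed sample: the first line is the guide's example, the rest are invented.
SAMPLE_LOG = """\
18/2/2011 9:11:11 AM [2744][1][FATAL] DETID - detid_config - checkKey. The current License Key is NOT valid
18/2/2011 9:11:12 AM [2744][1][FATAL] Some unrelated SugarCRM message
18/2/2011 9:15:40 AM [2751][1][FATAL] DETID - detid_config - checkKey. The current License Key is NOT valid
""".splitlines()

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

A repeated (level, file, function) triple such as the checkKey entries here points at one persistent fault rather than many separate ones.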

6. When I uninstall the DetectID in the Cloud for SugarCRM module, the progress bar stops at 25% and the last log line says Rebuilding administration Section, showing the following error:

Fatal error: Call to a member function read() on a non-object in E:/.../sugarDirectory/ModuleInstall/ModuleInstaller.php on line 1629 ModuleInstaller->dir_file_count(???)

This error occurs in some versions of SugarCRM. When the DetectID in the Cloud for SugarCRM module is uninstalled, the process starts by deleting the files located in the custom folder of the SugarCRM file structure. A later step then tries to delete them again, and since they were already erased, the error above is generated.


Follow these steps to verify whether your SugarCRM version has this bug:

(This operation must be performed by the administrator or the person with access to the SugarCRM files hosted on the server.)

1. Open the file "SugarFolderInstallation/ModuleInstall/ModuleInstaller.php"

2. Go to the section where the private function dir_file_count is located

3. Verify that the line if(!is_dir($path)) return 0; is in the function.

The final function will look like this:

private function dir_file_count($path){
    //if its a file then it has at least 1 file in the directory
    if(is_file($path)) return 1;
    if(!is_dir($path)) return 0; // This is the line!
    $d = dir($path);
    $count = 0;
    while ($e = $d->read()){
        //ignore invisible files . .. ._MACOSX
        if(substr($e, 0, 1) == '.')continue;
        if(is_file($path . '/' . $e))$count++;
        if(is_dir($path . '/' . $e))$count += $this->dir_file_count($path . '/' . $e);
    }
    $d->close();
    return $count;
}

This problem has already been solved in the latest versions of SugarCRM; you can check for yourself that the line marked with the comment "This is the line!" is present in the function shown above.


7. Sometimes, there are two DetectID in the Cloud for SugarCRM users with the same name in the LastView bar. When selecting one of them, the following message is shown: “Error retrieving record. This record may be deleted or you may not be authorized to view it.”

To solve this problem, run the “Synchronize DetectID Users” option in the actions menu of the DetectID Users module.


8. When I look at the dates shown for Last Connection, Start Date or Date Added, they differ from the actual time and date on my computer.

The dates and times shown in the DetectID in the Cloud for SugarCRM module depend on the TimeZone in the user preferences, which was selected when running the initial Wizard in the login process.

9. What does the message DetectID Server Connection, shown with an icon in front of it on the password screen, mean?

This icon is shown only to SugarCRM administrator users and indicates the state of the connection between the DetectID in the Cloud for SugarCRM module and the DetectID in the Cloud server. A green check mark means the connection is working correctly; a red check mark means there was a communication problem, and users who try to log in from then on will not be able to. To solve this situation, please read the following entry.


10. When logging in, the following message is shown: The module DetectID in the Cloud for SugarCRM is not active. At the moment you cannot login. Please contact the administrator for further information.

This message is displayed when there is a communication error between the DetectID in the Cloud server and the DetectID in the Cloud for SugarCRM module. Access is then restricted for all users except the main administrator. This administrator can log in and deactivate (disable) the module from the Module Loader section. All users will then be able to log in, but DetectID security is removed. Once communication with the DetectID in the Cloud server has been reestablished, any SugarCRM administrator will be able to log in and activate the DetectID in the Cloud for SugarCRM module again, reestablishing security when users log in.

How do I know when communication with DetectID servers has been reestablished?

When a SugarCRM administrator starts the login process, the message DetectID Server Connection is shown at the bottom of the second screen (where the password is entered), with an icon in front of it showing the state of the connection between the DetectID server and the DetectID in the Cloud for SugarCRM module. Once there is a green check mark in front of the message, the module can be enabled and the security of the login process will be reestablished.


11. Why don't I receive OTP emails when I'm enrolling a machine?

First, go to DetectID Configuration and make sure the option Use OTP (One Time Password) for enrollment of machines is on and the fields of the section One Time Password Mail Configuration (OTP) are properly filled.

Second, make sure you have added an exception in your spam filters for the following mail server configuration:

Server Name: mail.easysol.net
Server IP: 66.45.255.219
Account: [email protected]


DetectID Configuration

Enable DetectID: use this option to turn DetectID on or off. This is the fastest way to disable DetectID in SugarCRM without uninstalling the module. Once this option is off, the instance of SugarCRM will not use DetectID in the Cloud for SugarCRM as a second factor for authentication. Even if this option is off, the login page will remain divided, but the login process will be the same as the SugarCRM default.

Allow machine enrollment: in the login process, a new SugarCRM user will be asked whether he/she wants to enroll the machine he/she is currently using. If this option is off, SugarCRM users won't be able to enroll new machines. If there is an attempt to enroll a machine when this option is off, the user will be redirected to the login page, which shows an error message. Only the users that have already enrolled machines will be able to enter SugarCRM, through those enrolled machines.

Main Administrator: all the SugarCRM administrators are listed in this checkbox. The selected administrator is the one that will receive all the emails and notifications related to DetectID in the Cloud for SugarCRM, for example when a user has enrolled a machine that has not been activated.

Email of the administrator: all the email addresses of the administrator selected in the previous step are listed in this checkbox. All the notifications and emails will be sent to these accounts.

Activate machines after enrollment: when this option is off, a machine is deactivated at the moment a user enrolls it, and the user won't be able to log in to SugarCRM using this machine. When this happens, an email is sent to the main administrator reporting the incident, so that he/she can decide whether or not to activate the user's machine.

Use OTP (One Time Password) for enrollment of machines: a one time password is a temporary password that expires once it has been used. This option makes the process of enrolling a machine more secure. The SugarCRM user will receive an email containing the OTP in order to use it in the enrollment process. For this reason, it's important that the SugarCRM users have a valid email. Once this option is on, the whole ‘One Time Password Mail Configuration (OTP)’ section will be enabled.

The emails will be sent using the EasySolutions mail server. Please add an exception in your spam filters with the following settings in order to receive emails successfully:

Server Name: mail.easysol.net
Server IP: 66.45.255.219
Account: [email protected]

Maximum number of machines allowed for user: this option sets the initial number of machines that SugarCRM users will be able to enroll. This number can be changed for any SugarCRM user through mass update or individual modification in the DetectID Users module. Note: changing this option doesn't update the number of machines allowed for users that have already enrolled machines. For example, suppose the initial Maximum number of machines allowed for user is 8 and 20 new SugarCRM users enroll their machines. Those users can enroll 8 machines each and no more. If 30 new SugarCRM users then enroll their machines when the Maximum number of machines allowed for user is 5, each of these 30 users will be able to enroll only 5 machines, while the previous 20 users keep their limit of 8 machines, not 5.

DetectID Users Restriction List: here you will find two lists: one containing all the users from SugarCRM, the other with the users that won't use DetectID in the Cloud for SugarCRM as a second factor of authentication and will instead use the normal authentication process of SugarCRM. Select one or more users from the left list (users from SugarCRM) and click the forward button (the one with two greater-than signs) between the two lists to move them to the Restricted Users list. To remove one or more users from the Restricted Users list, select the user(s) and click the Remove button. To remove all the users from the Restricted Users list, just click the Remove All button; there is no need to select any users.

Generated OTP Length: this field allows you to specify the length of the OTP that is generated during the enrollment process. This number can't be greater than 25 or less than 0.

Maximum number of retries: when you enter the OTP at the end of the enrollment process, you have a certain number of tries before the OTP becomes invalid; this field determines that number. (This applies only when the checkbox Use OTP (One Time Password) for enrollment of machines is on; otherwise no OTP is requested at the end of the enrollment process, just the description of the machine you're enrolling.) This number can't be greater than 10 or less than 0.

Type of characters to generate the OTP: this option determines whether the OTP will have lowercase or uppercase letters. If the Numeric option is selected in the Combination of characters to generate the OTP field, this checkbox will be disabled.

Combination of characters to generate the OTP: determines whether the generated OTP will use numbers, letters, or a combination of both.

Message subject: the subject of the OTP email that the users will receive.
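To see what the length, retries and character settings above mean for OTP strength, the following added example (not the module's code; this guide does not describe how the module generates OTPs) builds the character set from the two character options, draws an OTP from a CSPRNG, and computes the entropy and the chance that the allowed tries guess it. The option labels ("numeric", "letters", "both", "lower", "upper") and the assumption of uniformly random characters are hypothetical.

```python
import math
import secrets
import string

MAX_LENGTH, MAX_RETRIES = 25, 10  # upper limits stated in the guide

def otp_alphabet(combination, letter_case="lower"):
    """Character set for an OTP.

    combination: "numeric", "letters" or "both"; letter_case: "lower" or "upper".
    Both option names are hypothetical labels for the guide's two fields.
    """
    letters = string.ascii_lowercase if letter_case == "lower" else string.ascii_uppercase
    return {"numeric": string.digits,
            "letters": letters,
            "both": letters + string.digits}[combination]

def generate_otp(length, combination, letter_case="lower"):
    """Draw each character independently from a CSPRNG."""
    if not 0 <= length <= MAX_LENGTH:
        raise ValueError("length must be between 0 and 25")
    alphabet = otp_alphabet(combination, letter_case)
    return "".join(secrets.choice(alphabet) for _ in range(length))

def assess(length, retries, combination, letter_case="lower"):
    """Entropy of the OTP and the chance that `retries` distinct guesses hit it."""
    if not 0 <= length <= MAX_LENGTH or not 0 <= retries <= MAX_RETRIES:
        raise ValueError("setting outside the range the guide allows")
    size = len(otp_alphabet(combination, letter_case))
    return {
        "entropy_bits": length * math.log2(size),
        "guess_probability": min(1.0, retries / size ** length),
    }

if __name__ == "__main__":
    # Constructed settings, from weakest to the shape of the guide's sample OTP.
    for cfg in [(0, 1, "numeric"), (4, 10, "numeric"), (12, 3, "both")]:
        print(cfg, repr(generate_otp(cfg[0], cfg[2])), assess(*cfg))
```

A length of 0 is inside the documented range but leaves no secret at all, and a 4-digit numeric OTP with 10 tries can be guessed with probability 0.001, so length and retries should be chosen together.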

Template Editor

In this template editor you can change the text of the OTP creation notifications that are sent to the user's email.

The editor supports predefined tokens for automatic insertion of text. For example, if you want the application to insert the user’s name automatically in the email message, use the $CLIENT_NAME token; the application replaces it automatically when sending the email.


Tokens supported by the editor:

$CLIENT_NAME: Name of the user who will receive the email
$CLIENT_MAIL: Email address of the user
$DATE_TIME: Date and time at which the OTP will be sent
$OTP: OTP generated code

A template example will be:

The system has generated an one time password (otp) that will help you enroll this machine. Below you will find all the necessary information:
Username: $CLIENT_NAME
Email: $CLIENT_MAIL
Time of the request: $DATE_TIME
Password: $OTP

But the user will see it like this:

The system has generated an one time password (otp) that will help you enroll this machine. Below you will find all the necessary information:
Username: jim
Email: [email protected]
Time of the request: Thu Apr 14 10:01:19 2011
Password: ws7nbkw3dvfl