Authentication parameters are configured in the Settings tab, in the Authentication section of the console installed locally on the same machine as the server.
It contains settings regarding:
- rules of password format,
- saving login details,
- multifactor authentication.
Multifactor Authentication:
Once multi-factor authentication (MFA) is enabled, each administrator must complete two login stages to authenticate with the Axence ConnectPro console: entering the username and password and, once they are verified, entering an additional code sent to the administrator via email or SMS. Depending on the console’s configuration, one or both delivery methods may be available. The user is granted access to the console only after the code is confirmed to be correct.
MFA, if enabled, applies to all administrators logging in to the ConnectPro console. It is not possible to exclude a specific user or group from this requirement.
NOTE: If the ConnectPro console is located on the same device as the Axence ConnectPro server, logging in to it will always bypass the multi-factor authentication process. This ensures that access to the application can be recovered in case of a misconfigured MFA setup or expired OAuth tokens used for sending email or SMS messages.
Before turning on multi-factor authentication, remember the following:
- All administrators logged in to consoles on remote machines will be immediately logged out and will be required to complete the multi-factor authentication process to continue working.
- Axence ConnectPro must be correctly configured to send email messages. Otherwise, no one will be able to log in to the application. We recommend testing email delivery in advance.
- Users without a valid email address will not be able to access the management console at all.
- Saving login credentials with no timeout will no longer be available.
- Emergency access to the management console without MFA is always possible by logging in to the console installed locally on the same machine as the Axence ConnectPro server.
The administrator can enable multi-factor authentication (MFA) by clicking the Disabled link (the default setting).
The next step is to confirm the choice by clicking the Enable button:
After enabling MFA, administrators can define which code delivery channels will be available to users.
By default, this is email:
At least one delivery channel must always remain available. If the administrator disables the only currently available delivery method, this will automatically disable the MFA requirement.
Authentication codes, whether sent by SMS or email, are valid for 10 minutes. A user may have a maximum of 5 active codes. If the user wishes to receive a new code, they must wait until one of the previous codes expires or is used.
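The code rules above (10-minute validity, at most 5 active codes per user, a slot freed when a code expires or is used) can be modelled as follows. This is an added illustration, not Axence ConnectPro's own code; the class and method names and the 6-digit code format are assumptions.

```python
import secrets
from datetime import datetime, timedelta

CODE_TTL = timedelta(minutes=10)  # validity period stated in the text
MAX_ACTIVE_CODES = 5              # per-user limit stated in the text


class CodeLimitReached(Exception):
    """The user already holds MAX_ACTIVE_CODES unexpired, unused codes."""

    def __init__(self, retry_at):
        super().__init__(f"code limit reached; next slot frees at {retry_at}")
        self.retry_at = retry_at


class CodeStore:
    """Model of the issuance rules; names are hypothetical."""

    def __init__(self):
        self._codes = {}  # user -> {code: expiry time}

    def _active(self, user, now):
        # Expired codes are dropped, so they stop counting against the limit.
        live = {c: exp for c, exp in self._codes.get(user, {}).items() if exp > now}
        self._codes[user] = live
        return live

    def issue(self, user, now):
        live = self._active(user, now)
        if len(live) >= MAX_ACTIVE_CODES:
            raise CodeLimitReached(min(live.values()))
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits: an assumption
        while code in live:  # never hand out a duplicate of a live code
            code = f"{secrets.randbelow(10**6):06d}"
        live[code] = now + CODE_TTL
        return code

    def verify(self, user, code, now):
        # A correct, unexpired code is consumed: single use frees its slot.
        return self._active(user, now).pop(code, None) is not None


if __name__ == "__main__":
    store, t0 = CodeStore(), datetime(2024, 1, 1, 9, 0)  # constructed time
    codes = [store.issue("admin", t0) for _ in range(MAX_ACTIVE_CODES)]
    print(store.verify("admin", codes[0], t0 + timedelta(minutes=11)))
```

The `retry_at` value on the exception is the earliest moment a sixth request can succeed without using an outstanding code, which is the waiting period an administrator hits after requesting five codes in a row.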