adxstudio portals training authentication options
TRANSCRIPT
![Page 1: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/1.jpg)
Adxstudio Portals TrainingAuthentication Options
![Page 2: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/2.jpg)
Authentication
Configurable and Easy
Different Authentication modes can be
mixed and matched. You don’t have to choose one or
the other
Services Provided Include:Local (username/password) user sign-in
External (social Provider) user sign-in
Two-Factor authentication with email or SMS
Configured with Site Settings – Full list available in documentation
ADFS or Custom Open ID/Oauth providers can also be implemented using ACS or Open Auth
![Page 3: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/3.jpg)
Local Authentication
•Username and Password stored in the CRM
• Password is a hidden, encrypted field
• Simply Switch it on or off using the Site Setting:
Authentication/Registration/LocalLoginEnabled
![Page 4: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/4.jpg)
Lost Password Reset
• If a user forgets their password, they can choose to have a password reset email sent to them
• Requires the site setting:Authentication/Registration/ResetPasswordEnabled
![Page 5: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/5.jpg)
Changing a Password
• A user can change their password at any time. The username cannot be changed after it is set.
• If an administrator wants to reset the password in the CRM, run the “Change Password” dialog
![Page 6: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/6.jpg)
Federated Authentication
• The user selects an identity provider such as:• Windows Live ID, Google, Facebook, etc.
• The user is authenticated by the identity provider• If successfully authenticated, the user is returned to the portal• A user recognized as a returning/registered user becomes an authenticated
user of the portal• The token returned by identity provider to identify the user is stored within
CRM, as an ‘External Identity’ record• Users can have any number of external identities enabled• Username stores the Identity Token• Also Stored is the Identity Provider itself
• To enable External Identity must set the following site setting to true:Authentication/Registration/ExternalLoginEnabled
![Page 7: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/7.jpg)
Manage External Accounts• A single identity from each of the configured identity providers can
be connected
• Identity Providers are configured Individually with site settings
• Allows for OAuth2 Social Providers, and WS-Federation Providers including ADFS and Azure ACS
• Once connected, the user may choose to sign-in with any of the connected identities
• Existing identities can also be disconnected as long as a single external or local identity remains
![Page 8: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/8.jpg)
Connecting External Accounts
• Choose from a list of enabled providers, and connect one or more to your user account
![Page 9: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/9.jpg)
OAuth2 Providers
• The OAuth 2.0 based external identity providers involve registering an "application" with a 3rd party service to obtain a "client ID" and "client secret" pair
• The client ID and client secret are configured as portal site settings in order to establish a secure connection from relying party to identity provider
Providers Supported:• Microsoft Account• Twitter• Facebook• Google• LinkedIn• Yammer• Yahoo
![Page 10: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/10.jpg)
WS-Federation Providers
• A single AD FS server can be added (or another WS-Federation compliant security token service, STS) as an identity provider
• In addition, a single Azure ACS namespace can be configured as a set of individual identity providers
• The Setup is involved, but well-documented on the Adxstudio Community Portal
![Page 11: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/11.jpg)
Two-Factor Identification
•When enabled, increases security by requiring proof of ownership of a confirmed email or mobile phone
• The first time the user attempts to sign in on a device, they will be sent a security code to their email or mobile device, they will need to submit this to sign-in
• If the Portal is set to remember browser, this will only happen once per browser, per device
• Site Settings:Authentication/Registration/TwoFactorEnabled
Authentication/Registration/RememberBrowserEnabled
![Page 12: Adxstudio Portals Training Authentication Options](https://reader035.vdocuments.net/reader035/viewer/2022062301/5697c0121a28abf838ccbff5/html5/thumbnails/12.jpg)