Skip to main content

Cyware Threat Intelligence eXchange

Configure Username and Password as the Authentication Method

By default, the application provides the Username/Password authentication method for the users to sign in using their email ID and password. This authentication method requires users to provide a valid email ID and password combination as configured in User Management to sign in to the application.

To configure the Username/Password authentication method, do the following:

  1. Go to Administration > Configuration > Authentication.

  2. Select Username/Password and click Edit at the top-right corner.

  3. On the top-right, enable Activate Authentication.

  4. Enter the following details:

    • Password Policy: Click Show Details on the right and enter the following details to configure your password policy preferences:

      • Minimum Password Length: Enter the minimum number of characters that a password must include. The minimum password length should be at least 8 characters.

      • Reset Password After: Enter the days from the last password change after which users must reset their password. CTIX requests users to change the password after the specified interval expires. This value must be at least two days.

      • Remind to Reset Password Before: Enter the days before the password expiration day to notify users about the password expiry. Users receive an email notification to reset their passwords. This value must be at least 1 day.

      • Password Reuse Interval: Enter the count after which users can reuse a previously used password.

      • Password Character Combination: Select at least three of the following character types that must be included in the password:

        • Lowercase

        • Uppercase

        • Numbers

        • Special Characters

    • Forgot Password: Enable this option to allow users to click Forgot Password and reset their password from the sign-in page. If you disable this option, the Forgot Password? option will not be available on the sign-in page, and only administrators can reset the user passwords.

    • Authenticate for New Sessions: Enable this option to make an authentication session token valid for the current session only. Users must sign in again for every session to access CTIX from a new tab or window of the same browser.

    • OTP Expiration Time: Enter the OTP expiration time in minutes. Once expired, users must generate a new OTP. For example, 5 Minutes.

    • Password Link Expiration Time: Enter the expiration time in minutes for the password reset link. Once expired, users must request a new password reset link. For example, 60 Minutes.

    • Two Factor Authentication: Enable this option to authenticate the users using the username and password and a One-Time-Password (OTP). Two-factor authentication adds an extra layer of protection from accessing the applications. Select one of the following two-factor authentication types:

      • Email: Requires an OTP that is sent to the email ID of the user.

      • TOTP: Requires an OTP from the configured TOTP authentication application. Users must configure a TOTP authentication application from the sign-in page, such as Google Authenticator and Okta. For more information see Register TOTP Authenticator App

  5. Click Save.