Configure Username and Password as the Authentication Method
By default, the application provides the Username/Password authentication method for the users to sign in using their email ID and password. This authentication method requires users to provide a valid email ID and password combination as configured in User Management to sign in to the application.
To configure the Username/Password authentication method, do the following:
Go to Admin Panel > Configuration > Authentication.
Select Username/Password and click Edit at the top-right corner.
On the top-right, enable Activate Authentication.
Enter the following details:
Forgot Password: Enable this option to allow users to click Forgot Password and reset their password from the sign-in page. If you disable this option, the Forgot Password? option will not be available on the sign-in page, and only administrators can reset the user passwords.
Create Password for New Users: Enable this option to allow administrators to configure a temporary password while adding new users in User Management.
Authenticate for New Sessions: Enable this option to make an authentication session token valid for the current session only. Users must sign in again for every session to access Orchestrate from a new tab or window of the same browser.
Two Factor Authentication: Enable this option to authenticate the users using the username and password and a One-Time-Password (OTP). Two-factor authentication adds an extra layer of protection from accessing the applications. Select one or both of the following two-factor authentication types:
Email: Requires an OTP that is sent to the email ID of the user.
OTP Expiration Time: Enter the OTP expiration time in minutes. Once expired, users must generate a new OTP. For example, 5 Minutes.
Password Link Expiration Time: Enter the expiration time in minutes for the password reset link. Once expired, users must request a new password reset link. For example, 60 Minutes.
Password Reuse Policy: Enable this option and enter the count after which users can reuse a previously used password. For example, 5. If this option is disabled then users can reuse previously used passwords without any restriction.
Password Reset Interval: Enable this option and enter the days from the last password change after which users must reset their password. Orchestrate requests users to change the password after the specified interval expires. This value must be at least two days. If this option is disabled, then Orchestrate will not request users to change the password.
Password Expiry Notification: Enable this option and enter the days before the password expiration day to notify users about the password expiry. Users receive an email notification to reset their passwords. This value must be at least 1 day. If this option is disabled then users will not receive the password reset email.
Login Lockout: Enable this option to temporarily lock user accounts after a specific number of failed sign-in attempts and enter the following details: Enter the maximum number of failed sign-in attempts after which user accounts are locked either temporarily or permanently. For example, 5.
Password Format: Enable this option to apply the password format for the users. The password must not contain user name, first name, last name or email.
Enter the following details to configure the password format:
Characters: Enter the minimum number of characters that a password must include. The minimum password length must be at least 8 characters, with a maximum limit of 128 characters.
Password Character Combination: Select at least three of the following character types that must be included in the password:
Lowercase
Uppercase
Numbers
Special Characters
Click Save.