AuthX Portal Guide

Users

(Roles Required: Owner, Administrator, User Manager, Help Desk, EPCS Enroller)

Users are the people who use the AuthX authentication services (two-factor or passwordless authentication) to log on to the applications protected by the company.

User Grid

  1. The user grid page lists user metrics: Total Users and Not Enrolled.

    1. Total Users is the number of active users in the company.

    2. Not Enrolled is the number of users whose enrollment is still pending.

  2. Below the metrics is the user grid. The user grid lists Username, Name, Email, Locked, Status, Source Type, Last Login and Action.

    1. Username: The username is unique for every user in a company.

    2. Name: The name of the user, which includes the first name and last name.

    3. Email: The user’s email address, which the user uses to log in to applications. The email address is also used to communicate with the user.

    4. Status: A user’s status can be Active, Inactive or Locked Out.

      1. Active – A user’s status is Active in the following situations:

        1. When the user has been enrolled.

        2. When the user is actively using the AuthX services (determined from the user’s last login).

      2. Inactive – A user’s status is Inactive in the following situations:

        1. When the user hasn’t enrolled.

        2. When the user hasn’t used the AuthX services, that is, the user has been inactive (determined from the last login and the user settings).

        3. When the user has been deactivated.

      3. Locked Out – A user’s status is Locked Out in the following situation:

        1. When the user fails to authenticate a number of times (the limit is determined by the user settings), the user is locked out.

    5. Source Type: This column records how the user was added.

      1. In-Cloud – When users are added through the portal (i.e. using the Add User button), the source type is In-Cloud.

      2. AdSync – When users are added through directory sync, the source type is AdSync.

      3. On-Prem – When users are added through the LDAP application, the source type is On-Prem.

    6. Last Login: Last login is the timestamp of when the user last logged in to any application (not just the portal). If the user hasn’t enrolled, the last login shows Never Authenticated.

    7. Delete – Provides an option for an Owner or Admin to delete the user.

  3. Search – Use this search filter to pull the exact records you require.

  4. Advance Search

    1. You can search by entering any of the following: User Name, First Name, Last Name, Email, Status and Source Type.

      1. After providing the inputs, click Apply – the matching records are listed on the grid.

      2. After providing the inputs, click Clear – the given values are cleared.

    2. Reset – The values given in Search and Advance Search are reset and the page is refreshed.

  5. This page also provides the option to add a user manually with the Add User button in the top right-hand corner.
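As an added illustration, not code from the AuthX guide or product, the Active / Inactive / Locked Out rules above and the two grid metrics written out in Python. The inactivity window and the lock-out threshold are assumed values standing in for the user settings the guide refers to, and Total Users is taken to mean users that have not been deactivated.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Thresholds the guide says come from the user settings; these values are assumptions.
INACTIVITY_DAYS = 90
MAX_FAILED_ATTEMPTS = 5


@dataclass
class User:
    username: str
    enrolled: bool
    deactivated: bool = False
    last_login: Optional[datetime] = None  # None is displayed as "Never Authenticated"
    failed_attempts: int = 0


def last_login_display(user: User) -> str:
    """Render the Last Login column as the grid does."""
    return "Never Authenticated" if user.last_login is None else user.last_login.isoformat()


def derive_status(user: User, now: datetime,
                  inactivity_days: int = INACTIVITY_DAYS,
                  max_failed: int = MAX_FAILED_ATTEMPTS) -> str:
    """Map the guide's Active / Inactive / Locked Out rules onto one user record."""
    # Locked Out: repeated authentication failures; the limit comes from the user settings.
    if user.failed_attempts >= max_failed:
        return "Locked Out"
    # Inactive: deactivated by an admin, not yet enrolled, or never logged in.
    if user.deactivated or not user.enrolled or user.last_login is None:
        return "Inactive"
    # Inactive: enrolled but no login inside the inactivity window.
    if now - user.last_login > timedelta(days=inactivity_days):
        return "Inactive"
    # Active: enrolled and seen within the window.
    return "Active"


def grid_metrics(users: List[User]) -> dict:
    """The two counters shown above the user grid.
    Assumption: 'active users' in Total Users means users that are not deactivated."""
    return {
        "total_users": sum(1 for u in users if not u.deactivated),
        "not_enrolled": sum(1 for u in users if not u.enrolled),
    }
```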

Add a user (In-cloud)

(Roles Required: Owner, Administrator, User Manager)

The administrator adds a user manually, through the portal, using the Add User button.

Username

  1. The first step in adding a user is to fill in the username.

    1. The username is checked for uniqueness: a username is unique within a company.

    2. The username must be a minimum of 6 characters and must not exceed 20 characters.

    3. The username can contain alphanumeric characters.

    4. The username can be an email address.

    5. The admin clicks the Add User button to proceed to the next step in adding the user.

Profile

  1. First Name

    1. The user’s first name. This is a mandatory field.

    2. Example: Andy

  2. Last Name

    1. The user’s last name. This is a mandatory field.

    2. Example: Johnson

  3. Alias Username

    1. Username alias is not a mandatory field.

    2. A user can have up to 4 username aliases.

    3. The user can use a username alias to authenticate to applications.

    4. Example: andy.johnson

  4. Primary Username

    1. The primary username is the user’s principal name.

    2. This is not a mandatory field.

    3. The user can use the primary username to authenticate to applications.

    4. Example: andy.johnson@certify.org

  5. Email

    1. The user’s email address, which is used for all notifications.

    2. The user must use this email address to log in to the portal.

    3. Example: andy.johnson@certifyglobal.com

  6. (When a user authenticates, all of the user’s identifiers, namely the username, username aliases, primary username and email address, are verified.)

  7. Groups

    1. Admin can assign groups to a user by clicking the Add Group link.

    2. Users can belong to multiple groups.

    3. If a user doesn’t belong to any group, the default global policy is applied.

  8. Notes

    1. Notes is not a mandatory field.

    2. Admin can write notes about the user in this space.

  9. Account Creation

    1. Account creation is the timestamp of when the user was created, that is, when the admin clicked the Add User button on the username page.

    2. The time zone of the timestamp is taken from the company’s general settings.

  10. Last Login

    1. Last Login is the timestamp of the user’s last login to the portal or any other application.

    2. The time zone of the timestamp is taken from the company’s general settings.

    3. When the user is being created, last login is Never Authenticated.

  11. Phone Number

    1. This is a mandatory field.

    2. Admin can add the user’s phone number in this field.

  12. After the admin fills in the user’s profile page, he can click the Add User button to add the user.
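As an added example, not code from the AuthX guide or product: a small in-memory store that applies the username rules from the Username step (6 to 20 characters, alphanumeric or an email address, unique within the company) and the limit of 4 aliases above, and resolves a login identifier against the username, aliases, primary username and email as item 6 describes. The email pattern, the case-insensitive matching and the requirement that no identifier point at two users are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Limits stated in the guide; the email pattern is a simplified stand-in, not AuthX's own.
MAX_ALIASES = 4
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

@dataclass
class Profile:
    username: str
    email: str
    primary_username: Optional[str] = None
    aliases: List[str] = field(default_factory=list)

    def identifiers(self) -> List[str]:
        return [i for i in [self.username, self.primary_username, self.email, *self.aliases] if i]

def validate_username(username: str, taken: set) -> Optional[str]:
    """Return an error string, or None if the username passes the guide's rules."""
    if not 6 <= len(username) <= 20:
        return "username must be between 6 and 20 characters"
    if not ((username.isascii() and username.isalnum()) or EMAIL_RE.match(username)):
        return "username must be alphanumeric or an email address"
    if username.lower() in taken:
        return "username already exists in this company"
    return None

class CompanyDirectory:
    # In-memory stand-in for one company's user store (assumption: identifiers are case-insensitive).
    def __init__(self) -> None:
        self._usernames: set = set()
        self._lookup: Dict[str, Profile] = {}

    def add_user(self, p: Profile) -> None:
        err = validate_username(p.username, self._usernames)
        if err:
            raise ValueError(err)
        if len(p.aliases) > MAX_ALIASES:
            raise ValueError(f"a user may have at most {MAX_ALIASES} username aliases")
        keys = [i.lower() for i in p.identifiers()]
        clash = [k for k in keys if k in self._lookup]
        if clash:  # an alias, primary username or email must not resolve to a second user
            raise ValueError(f"identifier already in use: {clash[0]}")
        self._usernames.add(p.username.lower())
        self._lookup.update({k: p for k in keys})

    def resolve(self, login_name: str) -> Optional[Profile]:
        # Username, alias, primary username or email all identify the same account.
        return self._lookup.get(login_name.strip().lower())
```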

After Adding User

The following happens once a user is added in-cloud (manually):

  1. The user’s information appears in the user grid, with status Inactive and last login Never Authenticated.

  2. The user also appears in the pending enrollments grid.

  3. The Not Enrolled metric count increases by one.

  4. An enrollment email is sent to the user at the email address provided by the admin.

In-Cloud User Enrollment Workflow

Following are the steps for a manually added user to enroll in AuthX:

  1. Enrollment Email

    1. The user receives an enrollment email in his mailbox.

    2. Below is the template for the enrollment email.

  2. Redirected to AuthX Page

    1. When the user clicks the enrollment link, the user is directed to AuthX’s page.

  3. Create a Password

    1. The user is directed to the Create a Password page.

    2. The user creates a password and confirms it.

  4. Mobile Number

    1. The user enters his phone number.

  5. QR Code

    1. The user sees a generated QR code.

    2. The user installs the mobile app and scans the QR code.

  6. Scanned QR Code

    1. The user scans the QR code.

    2. If the QR code is scanned successfully, the QR code shows a green tick and an account is created in the mobile app.

Edit User

(Role Required: Owner, Administrator, User Manager)

Admins can edit a user’s profile by clicking the username of the user.

  1. Admin cannot edit the user’s first name, last name, username aliases or primary username.

  2. Admin can, however, add username aliases and add groups for a user.

  3. Admin can also remove groups assigned to a user here.

  4. Admin can edit the user’s email address and notes.

  5. If a user changes his number (just the number, not the device), the admin can edit the number in the phone number field and save the changes. The phone number in the phones grid should change too.

  6. Admin can delete the user’s phone for the reasons listed below, which leads to the Delete Phone Workflow.

  7. Reasons for deleting a phone

    1. User changed his phone (device) -> Delete Phone Workflow.

    2. User changed his phone number -> Delete Phone Workflow.

    3. User lost his phone and wants to prevent the phone from being used -> Delete Phone Workflow.

    4. User deleted the accounts in the app -> Delete Phone Workflow.

    5. Admin can enroll the user’s biometrics and deactivate them.

Delete Phone Workflow for user

(Role Required: Owner, Administrator, User Manager)

  1. Admin can delete the user’s phone by clicking the trash symbol on the edit user page.

  2. A confirmation pop-up asks the admin to confirm once again. If No is chosen, the phone is not deleted; if Yes is chosen, the phone is deleted.

  3. Once the phone is deleted, two things happen:

    1. The registered user receives a Phone Number Deleted email.

    2. The status of the phone changes from Active to Inactive, and the action column offers the options Send Enrollment Email and Send Enrollment Message. After clicking Send Enrollment Email, an email is sent to the respective user to activate the phone.

      1. The user is sent an Enroll Phone Number email. Below is the template for the Send Enrollment Email. On selecting the activation link, the respective user receives an Activate Phone email.

      2. Select the activation link from the email; it redirects to the Phone Number page (update the phone number if needed).

      3. To activate, use either the scan QR code method or the Generate OTP method.

      4. After scanning the QR code successfully, a green tick mark is displayed on the QR code.

      5. After clicking Continue, it redirects to the Confirm Your Identity page. Use any one of the authentication factors to log in.

Inactive User (In-Cloud User)

(Role Required: Owner, Administrator, User Manager)

The admin can make an active user Inactive by clicking the toggle.

  1. The user’s status is changed to Inactive.

  2. The user is no longer able to log in to the portal.

Directory Sync

(Role Required: Owner, Administrator, User Manager)

The admin can use directory sync to sync users from different sources. At this phase of the project, only Azure Active Directory sync is supported.

Azure Active Directory

The Azure Active Directory grid lists the following data:

  1. Name

    1. Name of the active directory which is being synced.

    2. This information is obtained from the sync.

  2. Send Enrollment?

    1. This flag indicates whether the user should be sent an enrollment email to enroll in AuthX.

    2. This flag is set while syncing groups.

  3. Normalize Usernames?

    1. When this flag is set, all the user’s aliases from the AD are taken and AuthX normalizes those usernames.

    2. This flag is set while syncing groups.

  4. Last Scheduled Sync

    1. This is the timestamp of when the last sync was conducted.

    2. Usually the sync runs overnight.

    3. This information is obtained from the sync.

    3. This information is obtained from the sync.

Azure Active Directory Sync Workflow

The admin syncs a new directory by clicking the New Directory button in the top right corner of the Directory Sync page.

  1. The admin authorizes the sync by clicking the Authorize button under the Azure Active Directory -> Azure Active Directory tabs.

  2. The admin is redirected to a page where he logs in to his Microsoft account by entering his password.

  3. The admin accepts the permissions requested by Microsoft by clicking the Accept button.

  4. The admin is directed back to the AuthX portal, where he can select the groups he wants to sync. The admin can choose multiple groups and must choose at least one group.

  5. After the directory sync is added:

    1. The Not Enrolled metric count increases.

    2. All the synced users appear in the Users grid, with status Inactive, source type AdSync and last login Never Authenticated.

    3. The synced groups appear in the Groups grid with their user counts.

User Enrollment Workflow (Synced User)

(Role Required: Synced User)

The enrollment workflow for synced users differs from the in-cloud user enrollment workflow. Following are the steps for a synced user to enroll in AuthX:

  1. Enrollment Email

    1. The user receives an enrollment email in his mailbox.

    2. Below is the template for the enrollment email.

  2. Select the enrollment link; the user is directed to the Create Password page.

  3. The user is redirected to the Phone Number page (update the phone number if needed).

  4. To activate, use either the scan QR code method or the Generate OTP method.

  5. After scanning the QR code successfully, a green tick mark is displayed on the QR code.

  6. After clicking Continue, it redirects to the Confirm Your Identity page. Use any one of the authentication factors to log in.

Editing User (Synced User)

The admins (Owner, Administrator and User Manager) cannot edit a synced user’s information such as First Name, Last Name, Username Aliases and Primary Username. The admin can, however, delete the user’s phone.

Deactivating User (Synced User)

The admins (Owner, Administrator and User Manager) cannot deactivate a user who has been synced into the system. They can only deactivate the user in the Microsoft Azure directory from which he was synced. Below is the screenshot of the edit user page for a synced user.