Authentication in Administration

Introduction

The Authentication section in Administration allows system administrators to manage how users log in, how passwords are handled, and how long sessions remain active. It also includes advanced features such as two-factor authentication (2FA), password strength enforcement, session expiration settings, and protection against brute-force attacks. These settings enhance both usability and security.

Target audience

  • Administrator

Overview of Authentication Settings

Accessing Authentication Settings

To access these settings, go to:
Administration → Settings → Authentication

Login and Session Settings

  • Authentication required – When disabled, public projects and their content are accessible without login. Anonymous access permissions can be edited under Roles and permissions.
  • Autologin – Specifies how many days the system remembers a user login without re-authentication.
  • Session maximum lifetime – The maximum time a user can be logged in before being logged out, regardless of activity.
  • Session inactivity timeout – Automatically logs a user out after a set period of inactivity.

Self-Registration

  • Self-registration – Allows new users to register themselves. Choose between:
    • Account activation by email
    • Manual activation by admin
    • Automatic activation upon first login
  • Self-registered users are automatically added to group – Automatically assigns new users to a predefined group.

Password Security

  • Minimum password length – Defines the minimum number of characters for passwords.
  • Required character classes – Enforces the use of uppercase, lowercase, digits, and/or special characters.
  • Unique password counter – Defines after how many password changes a user may reuse a previous password.
  • Required password after X days – Enforces password change after a set number of days. Users can disable password expiration notifications in their profile.
  • Allow password reset via email – Sends a password reset link to the user's email.

Note: Users should avoid saving their credentials in browsers to prevent misuse. Browsers may ignore app-level security and store passwords insecurely.

Two-Factor Authentication (2FA)

2FA provides an extra layer of security by requiring a second verification step in addition to a password.

  • Disabled – Turns off 2FA and unpairs devices.
  • Required – All users must enable 2FA.
  • Required for administrators – Only admins must enable 2FA.
  • Optional – Users can choose to enable/disable 2FA from their profile.

How It Works

  • Users activate 2FA by scanning a QR code or entering a key into an authenticator app (e.g., Google Authenticator, Authy).
  • A verification key is then entered to confirm and activate 2FA.
  • Users can choose to remember devices for a specific number of days.
  • Optionally, a warning can be shown if login is attempted from an unrecognized device.

Note: Only administrators can disable 2FA for other users. No user can enable 2FA for someone else.
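
The authenticator apps named above generate time-based one-time passwords (TOTP, RFC 6238) from the key shared during pairing. The sketch below is an added example, not Easy8 code: it shows how a server can derive and check the verification key, assuming the common defaults (HMAC-SHA-1, 30-second step, 6 digits); the function names, the drift window and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length shown by the app (assumed here)

# Constructed sample key: Base32 form of the RFC 6238 test secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code an authenticator app shows at unix_time."""
    # The key scanned from the QR code or typed in by hand is Base32 text.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept codes from `window` steps either side to tolerate clock drift."""
    if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * STEP)
        # Constant-time compare, no early exit: timing reveals nothing.
        ok |= hmac.compare_digest(expected, code)
    return ok


if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))                    # code at t = 59 s
    print(verify(SAMPLE_SECRET, "287082", 59 + 30))   # one step late: accepted
    print(verify(SAMPLE_SECRET, "287082", 59 + 120))  # four steps late: rejected
```

With a window of 1, a code stays valid for roughly 90 seconds, so keeping the server clock synchronized is preferable to widening the window.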

Force 2FA for Groups

  • Navigate to Administration → Groups
  • Select a group → Check "Require two-factor authentication"
  • All group members will be required to use 2FA on next login

Login Protection and Account Blocking

To prevent brute-force login attempts:

  • Enable unsuccessful login attempt tracking – Activates the protection mechanism
  • Block user after X attempts – Locks the user after multiple incorrect login attempts
  • A custom message will appear on the login page to guide the blocked user.
  • Administrators should enable email alerts to get notified about blocked accounts.

Unblocking Users

  • Admins can unblock users by opening the user’s profile and clicking Unblock
  • This is different from the Lock user feature, which hides users from the system entirely

Social Login Icons

  • Display social service icons on the log-in page – Shows icons for login services like Google, Facebook, etc., if supported

Summary

The Authentication settings in Easy8 provide comprehensive control over login behavior, password strength, session duration, and security. Features like two-factor authentication and brute-force protection help secure user accounts, while flexible session and registration settings allow administrators to align authentication with organizational policies.
